zfs_ioctl.c revision 324251
1178814Sjhb/* 2178814Sjhb * CDDL HEADER START 3178814Sjhb * 4178814Sjhb * The contents of this file are subject to the terms of the 5178814Sjhb * Common Development and Distribution License (the "License"). 6178814Sjhb * You may not use this file except in compliance with the License. 7178814Sjhb * 8178814Sjhb * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE 9178814Sjhb * or http://www.opensolaris.org/os/licensing. 10178814Sjhb * See the License for the specific language governing permissions 11178814Sjhb * and limitations under the License. 12178814Sjhb * 13178814Sjhb * When distributing Covered Code, include this CDDL HEADER in each 14178814Sjhb * file and include the License file at usr/src/OPENSOLARIS.LICENSE. 15178814Sjhb * If applicable, add the following below this CDDL HEADER, with the 16178814Sjhb * fields enclosed by brackets "[]" replaced with your own identifying 17178814Sjhb * information: Portions Copyright [yyyy] [name of copyright owner] 18178814Sjhb * 19178814Sjhb * CDDL HEADER END 20178814Sjhb */ 21178814Sjhb 22178814Sjhb/* 23178814Sjhb * Copyright (c) 2005, 2010, Oracle and/or its affiliates. All rights reserved. 24178814Sjhb * Copyright (c) 2011-2012 Pawel Jakub Dawidek. All rights reserved. 25178814Sjhb * Copyright 2013 Martin Matuska <mm@FreeBSD.org>. All rights reserved. 26178814Sjhb * Copyright 2014 Xin Li <delphij@FreeBSD.org>. All rights reserved. 27178814Sjhb * Copyright 2015, OmniTI Computer Consulting, Inc. All rights reserved. 28178814Sjhb * Copyright 2015 Nexenta Systems, Inc. All rights reserved. 29178814Sjhb * Copyright (c) 2014, 2016 Joyent, Inc. All rights reserved. 30178814Sjhb * Copyright (c) 2011, 2015 by Delphix. All rights reserved. 31178814Sjhb * Copyright (c) 2013 by Saso Kiselkov. All rights reserved. 32178814Sjhb * Copyright (c) 2013 Steven Hartland. All rights reserved. 33178814Sjhb * Copyright (c) 2014 Integros [integros.com] 34178814Sjhb */ 35178814Sjhb 36178814Sjhb/* 37178814Sjhb * ZFS ioctls. 38178814Sjhb * 39178814Sjhb * This file handles the ioctls to /dev/zfs, used for configuring ZFS storage 40178814Sjhb * pools and filesystems, e.g. with /sbin/zfs and /sbin/zpool. 41178814Sjhb * 42178814Sjhb * There are two ways that we handle ioctls: the legacy way where almost 43178814Sjhb * all of the logic is in the ioctl callback, and the new way where most 44178814Sjhb * of the marshalling is handled in the common entry point, zfsdev_ioctl(). 45178814Sjhb * 46178814Sjhb * Non-legacy ioctls should be registered by calling 47178814Sjhb * zfs_ioctl_register() from zfs_ioctl_init(). The ioctl is invoked 48178814Sjhb * from userland by lzc_ioctl(). 49178814Sjhb * 50178814Sjhb * The registration arguments are as follows: 51178814Sjhb * 52178814Sjhb * const char *name 53178814Sjhb * The name of the ioctl. This is used for history logging. If the 54178814Sjhb * ioctl returns successfully (the callback returns 0), and allow_log 55178814Sjhb * is true, then a history log entry will be recorded with the input & 56178814Sjhb * output nvlists. The log entry can be printed with "zpool history -i". 57178814Sjhb * 58178814Sjhb * zfs_ioc_t ioc 59178814Sjhb * The ioctl request number, which userland will pass to ioctl(2). 60178814Sjhb * The ioctl numbers can change from release to release, because 61178814Sjhb * the caller (libzfs) must be matched to the kernel. 62178814Sjhb * 63178814Sjhb * zfs_secpolicy_func_t *secpolicy 64178814Sjhb * This function will be called before the zfs_ioc_func_t, to 65178814Sjhb * determine if this operation is permitted. It should return EPERM 66178814Sjhb * on failure, and 0 on success. Checks include determining if the 67178814Sjhb * dataset is visible in this zone, and if the user has either all 68178814Sjhb * zfs privileges in the zone (SYS_MOUNT), or has been granted permission 69178814Sjhb * to do this operation on this dataset with "zfs allow". 70178814Sjhb * 71178814Sjhb * zfs_ioc_namecheck_t namecheck 72178814Sjhb * This specifies what to expect in the zfs_cmd_t:zc_name -- a pool 73178814Sjhb * name, a dataset name, or nothing. If the name is not well-formed, 74178814Sjhb * the ioctl will fail and the callback will not be called. 75178814Sjhb * Therefore, the callback can assume that the name is well-formed 76178814Sjhb * (e.g. is null-terminated, doesn't have more than one '@' character, 77178814Sjhb * doesn't have invalid characters). 78178814Sjhb * 79178814Sjhb * zfs_ioc_poolcheck_t pool_check 80178814Sjhb * This specifies requirements on the pool state. If the pool does 81178814Sjhb * not meet them (is suspended or is readonly), the ioctl will fail 82178814Sjhb * and the callback will not be called. If any checks are specified 83178814Sjhb * (i.e. it is not POOL_CHECK_NONE), namecheck must not be NO_NAME. 84178814Sjhb * Multiple checks can be or-ed together (e.g. POOL_CHECK_SUSPENDED | 85178814Sjhb * POOL_CHECK_READONLY). 86178814Sjhb * 87178814Sjhb * boolean_t smush_outnvlist 88178814Sjhb * If smush_outnvlist is true, then the output is presumed to be a 89178814Sjhb * list of errors, and it will be "smushed" down to fit into the 90178814Sjhb * caller's buffer, by removing some entries and replacing them with a 91178814Sjhb * single "N_MORE_ERRORS" entry indicating how many were removed. See 92178814Sjhb * nvlist_smush() for details. If smush_outnvlist is false, and the 93178814Sjhb * outnvlist does not fit into the userland-provided buffer, then the 94178814Sjhb * ioctl will fail with ENOMEM. 95178814Sjhb * 96178814Sjhb * zfs_ioc_func_t *func 97178814Sjhb * The callback function that will perform the operation. 98178814Sjhb * 99178814Sjhb * The callback should return 0 on success, or an error number on 100178814Sjhb * failure. If the function fails, the userland ioctl will return -1, 101178814Sjhb * and errno will be set to the callback's return value. The callback 102178814Sjhb * will be called with the following arguments: 103178814Sjhb * 104178814Sjhb * const char *name 105178814Sjhb * The name of the pool or dataset to operate on, from 106178814Sjhb * zfs_cmd_t:zc_name. The 'namecheck' argument specifies the 107178814Sjhb * expected type (pool, dataset, or none). 108178814Sjhb * 109178814Sjhb * nvlist_t *innvl 110178814Sjhb * The input nvlist, deserialized from zfs_cmd_t:zc_nvlist_src. Or 111178814Sjhb * NULL if no input nvlist was provided. Changes to this nvlist are 112178814Sjhb * ignored. If the input nvlist could not be deserialized, the 113178814Sjhb * ioctl will fail and the callback will not be called. 114178814Sjhb * 115178814Sjhb * nvlist_t *outnvl 116178814Sjhb * The output nvlist, initially empty. The callback can fill it in, 117178814Sjhb * and it will be returned to userland by serializing it into 118178814Sjhb * zfs_cmd_t:zc_nvlist_dst. If it is non-empty, and serialization 119178814Sjhb * fails (e.g. because the caller didn't supply a large enough 120178814Sjhb * buffer), then the overall ioctl will fail. See the 121178814Sjhb * 'smush_nvlist' argument above for additional behaviors. 122178814Sjhb * 123178814Sjhb * There are two typical uses of the output nvlist: 124178814Sjhb * - To return state, e.g. property values. In this case, 125178814Sjhb * smush_outnvlist should be false. If the buffer was not large 126178814Sjhb * enough, the caller will reallocate a larger buffer and try 127178814Sjhb * the ioctl again. 128178814Sjhb * 129178814Sjhb * - To return multiple errors from an ioctl which makes on-disk 130178814Sjhb * changes. In this case, smush_outnvlist should be true. 131178814Sjhb * Ioctls which make on-disk modifications should generally not 132178814Sjhb * use the outnvl if they succeed, because the caller can not 133 * distinguish between the operation failing, and 134 * deserialization failing. 135 */ 136#ifdef __FreeBSD__ 137#include "opt_kstack_pages.h" 138#endif 139 140#include <sys/types.h> 141#include <sys/param.h> 142#include <sys/systm.h> 143#include <sys/conf.h> 144#include <sys/kernel.h> 145#include <sys/lock.h> 146#include <sys/malloc.h> 147#include <sys/mutex.h> 148#include <sys/proc.h> 149#include <sys/errno.h> 150#include <sys/uio.h> 151#include <sys/buf.h> 152#include <sys/file.h> 153#include <sys/kmem.h> 154#include <sys/conf.h> 155#include <sys/cmn_err.h> 156#include <sys/stat.h> 157#include <sys/zfs_ioctl.h> 158#include <sys/zfs_vfsops.h> 159#include <sys/zfs_znode.h> 160#include <sys/zap.h> 161#include <sys/spa.h> 162#include <sys/spa_impl.h> 163#include <sys/vdev.h> 164#include <sys/dmu.h> 165#include <sys/dsl_dir.h> 166#include <sys/dsl_dataset.h> 167#include <sys/dsl_prop.h> 168#include <sys/dsl_deleg.h> 169#include <sys/dmu_objset.h> 170#include <sys/dmu_impl.h> 171#include <sys/dmu_tx.h> 172#include <sys/sunddi.h> 173#include <sys/policy.h> 174#include <sys/zone.h> 175#include <sys/nvpair.h> 176#include <sys/mount.h> 177#include <sys/taskqueue.h> 178#include <sys/sdt.h> 179#include <sys/varargs.h> 180#include <sys/fs/zfs.h> 181#include <sys/zfs_ctldir.h> 182#include <sys/zfs_dir.h> 183#include <sys/zfs_onexit.h> 184#include <sys/zvol.h> 185#include <sys/dsl_scan.h> 186#include <sys/dmu_objset.h> 187#include <sys/dmu_send.h> 188#include <sys/dsl_destroy.h> 189#include <sys/dsl_bookmark.h> 190#include <sys/dsl_userhold.h> 191#include <sys/zfeature.h> 192#include <sys/zio_checksum.h> 193 194#include "zfs_namecheck.h" 195#include "zfs_prop.h" 196#include "zfs_deleg.h" 197#include "zfs_comutil.h" 198#include "zfs_ioctl_compat.h" 199 200CTASSERT(sizeof(zfs_cmd_t) < IOCPARM_MAX); 201 202static struct cdev *zfsdev; 203 204extern void zfs_init(void); 205extern void zfs_fini(void); 206 207uint_t zfs_fsyncer_key; 208extern uint_t rrw_tsd_key; 209static uint_t zfs_allow_log_key; 210extern uint_t zfs_geom_probe_vdev_key; 211 212typedef int zfs_ioc_legacy_func_t(zfs_cmd_t *); 213typedef int zfs_ioc_func_t(const char *, nvlist_t *, nvlist_t *); 214typedef int zfs_secpolicy_func_t(zfs_cmd_t *, nvlist_t *, cred_t *); 215 216typedef enum { 217 NO_NAME, 218 POOL_NAME, 219 DATASET_NAME 220} zfs_ioc_namecheck_t; 221 222typedef enum { 223 POOL_CHECK_NONE = 1 << 0, 224 POOL_CHECK_SUSPENDED = 1 << 1, 225 POOL_CHECK_READONLY = 1 << 2, 226} zfs_ioc_poolcheck_t; 227 228typedef struct zfs_ioc_vec { 229 zfs_ioc_legacy_func_t *zvec_legacy_func; 230 zfs_ioc_func_t *zvec_func; 231 zfs_secpolicy_func_t *zvec_secpolicy; 232 zfs_ioc_namecheck_t zvec_namecheck; 233 boolean_t zvec_allow_log; 234 zfs_ioc_poolcheck_t zvec_pool_check; 235 boolean_t zvec_smush_outnvlist; 236 const char *zvec_name; 237} zfs_ioc_vec_t; 238 239/* This array is indexed by zfs_userquota_prop_t */ 240static const char *userquota_perms[] = { 241 ZFS_DELEG_PERM_USERUSED, 242 ZFS_DELEG_PERM_USERQUOTA, 243 ZFS_DELEG_PERM_GROUPUSED, 244 ZFS_DELEG_PERM_GROUPQUOTA, 245}; 246 247static int zfs_ioc_userspace_upgrade(zfs_cmd_t *zc); 248static int zfs_check_settable(const char *name, nvpair_t *property, 249 cred_t *cr); 250static int zfs_check_clearable(char *dataset, nvlist_t *props, 251 nvlist_t **errors); 252static int zfs_fill_zplprops_root(uint64_t, nvlist_t *, nvlist_t *, 253 boolean_t *); 254int zfs_set_prop_nvlist(const char *, zprop_source_t, nvlist_t *, nvlist_t *); 255static int get_nvlist(uint64_t nvl, uint64_t size, int iflag, nvlist_t **nvp); 256 257static void zfsdev_close(void *data); 258 259static int zfs_prop_activate_feature(spa_t *spa, spa_feature_t feature); 260 261/* _NOTE(PRINTFLIKE(4)) - this is printf-like, but lint is too whiney */ 262void 263__dprintf(const char *file, const char *func, int line, const char *fmt, ...) 264{ 265 const char *newfile; 266 char buf[512]; 267 va_list adx; 268 269 /* 270 * Get rid of annoying "../common/" prefix to filename. 271 */ 272 newfile = strrchr(file, '/'); 273 if (newfile != NULL) { 274 newfile = newfile + 1; /* Get rid of leading / */ 275 } else { 276 newfile = file; 277 } 278 279 va_start(adx, fmt); 280 (void) vsnprintf(buf, sizeof (buf), fmt, adx); 281 va_end(adx); 282 283 /* 284 * To get this data, use the zfs-dprintf probe as so: 285 * dtrace -q -n 'zfs-dprintf \ 286 * /stringof(arg0) == "dbuf.c"/ \ 287 * {printf("%s: %s", stringof(arg1), stringof(arg3))}' 288 * arg0 = file name 289 * arg1 = function name 290 * arg2 = line number 291 * arg3 = message 292 */ 293 DTRACE_PROBE4(zfs__dprintf, 294 char *, newfile, char *, func, int, line, char *, buf); 295} 296 297static void 298history_str_free(char *buf) 299{ 300 kmem_free(buf, HIS_MAX_RECORD_LEN); 301} 302 303static char * 304history_str_get(zfs_cmd_t *zc) 305{ 306 char *buf; 307 308 if (zc->zc_history == 0) 309 return (NULL); 310 311 buf = kmem_alloc(HIS_MAX_RECORD_LEN, KM_SLEEP); 312 if (copyinstr((void *)(uintptr_t)zc->zc_history, 313 buf, HIS_MAX_RECORD_LEN, NULL) != 0) { 314 history_str_free(buf); 315 return (NULL); 316 } 317 318 buf[HIS_MAX_RECORD_LEN -1] = '\0'; 319 320 return (buf); 321} 322 323/* 324 * Check to see if the named dataset is currently defined as bootable 325 */ 326static boolean_t 327zfs_is_bootfs(const char *name) 328{ 329 objset_t *os; 330 331 if (dmu_objset_hold(name, FTAG, &os) == 0) { 332 boolean_t ret; 333 ret = (dmu_objset_id(os) == spa_bootfs(dmu_objset_spa(os))); 334 dmu_objset_rele(os, FTAG); 335 return (ret); 336 } 337 return (B_FALSE); 338} 339 340/* 341 * Return non-zero if the spa version is less than requested version. 342 */ 343static int 344zfs_earlier_version(const char *name, int version) 345{ 346 spa_t *spa; 347 348 if (spa_open(name, &spa, FTAG) == 0) { 349 if (spa_version(spa) < version) { 350 spa_close(spa, FTAG); 351 return (1); 352 } 353 spa_close(spa, FTAG); 354 } 355 return (0); 356} 357 358/* 359 * Return TRUE if the ZPL version is less than requested version. 360 */ 361static boolean_t 362zpl_earlier_version(const char *name, int version) 363{ 364 objset_t *os; 365 boolean_t rc = B_TRUE; 366 367 if (dmu_objset_hold(name, FTAG, &os) == 0) { 368 uint64_t zplversion; 369 370 if (dmu_objset_type(os) != DMU_OST_ZFS) { 371 dmu_objset_rele(os, FTAG); 372 return (B_TRUE); 373 } 374 /* XXX reading from non-owned objset */ 375 if (zfs_get_zplprop(os, ZFS_PROP_VERSION, &zplversion) == 0) 376 rc = zplversion < version; 377 dmu_objset_rele(os, FTAG); 378 } 379 return (rc); 380} 381 382static void 383zfs_log_history(zfs_cmd_t *zc) 384{ 385 spa_t *spa; 386 char *buf; 387 388 if ((buf = history_str_get(zc)) == NULL) 389 return; 390 391 if (spa_open(zc->zc_name, &spa, FTAG) == 0) { 392 if (spa_version(spa) >= SPA_VERSION_ZPOOL_HISTORY) 393 (void) spa_history_log(spa, buf); 394 spa_close(spa, FTAG); 395 } 396 history_str_free(buf); 397} 398 399/* 400 * Policy for top-level read operations (list pools). Requires no privileges, 401 * and can be used in the local zone, as there is no associated dataset. 402 */ 403/* ARGSUSED */ 404static int 405zfs_secpolicy_none(zfs_cmd_t *zc, nvlist_t *innvl, cred_t *cr) 406{ 407 return (0); 408} 409 410/* 411 * Policy for dataset read operations (list children, get statistics). Requires 412 * no privileges, but must be visible in the local zone. 413 */ 414/* ARGSUSED */ 415static int 416zfs_secpolicy_read(zfs_cmd_t *zc, nvlist_t *innvl, cred_t *cr) 417{ 418 if (INGLOBALZONE(curthread) || 419 zone_dataset_visible(zc->zc_name, NULL)) 420 return (0); 421 422 return (SET_ERROR(ENOENT)); 423} 424 425static int 426zfs_dozonecheck_impl(const char *dataset, uint64_t zoned, cred_t *cr) 427{ 428 int writable = 1; 429 430 /* 431 * The dataset must be visible by this zone -- check this first 432 * so they don't see EPERM on something they shouldn't know about. 433 */ 434 if (!INGLOBALZONE(curthread) && 435 !zone_dataset_visible(dataset, &writable)) 436 return (SET_ERROR(ENOENT)); 437 438 if (INGLOBALZONE(curthread)) { 439 /* 440 * If the fs is zoned, only root can access it from the 441 * global zone. 442 */ 443 if (secpolicy_zfs(cr) && zoned) 444 return (SET_ERROR(EPERM)); 445 } else { 446 /* 447 * If we are in a local zone, the 'zoned' property must be set. 448 */ 449 if (!zoned) 450 return (SET_ERROR(EPERM)); 451 452 /* must be writable by this zone */ 453 if (!writable) 454 return (SET_ERROR(EPERM)); 455 } 456 return (0); 457} 458 459static int 460zfs_dozonecheck(const char *dataset, cred_t *cr) 461{ 462 uint64_t zoned; 463 464 if (dsl_prop_get_integer(dataset, "jailed", &zoned, NULL)) 465 return (SET_ERROR(ENOENT)); 466 467 return (zfs_dozonecheck_impl(dataset, zoned, cr)); 468} 469 470static int 471zfs_dozonecheck_ds(const char *dataset, dsl_dataset_t *ds, cred_t *cr) 472{ 473 uint64_t zoned; 474 475 if (dsl_prop_get_int_ds(ds, "jailed", &zoned)) 476 return (SET_ERROR(ENOENT)); 477 478 return (zfs_dozonecheck_impl(dataset, zoned, cr)); 479} 480 481static int 482zfs_secpolicy_write_perms_ds(const char *name, dsl_dataset_t *ds, 483 const char *perm, cred_t *cr) 484{ 485 int error; 486 487 error = zfs_dozonecheck_ds(name, ds, cr); 488 if (error == 0) { 489 error = secpolicy_zfs(cr); 490 if (error != 0) 491 error = dsl_deleg_access_impl(ds, perm, cr); 492 } 493 return (error); 494} 495 496static int 497zfs_secpolicy_write_perms(const char *name, const char *perm, cred_t *cr) 498{ 499 int error; 500 dsl_dataset_t *ds; 501 dsl_pool_t *dp; 502 503 /* 504 * First do a quick check for root in the global zone, which 505 * is allowed to do all write_perms. This ensures that zfs_ioc_* 506 * will get to handle nonexistent datasets. 507 */ 508 if (INGLOBALZONE(curthread) && secpolicy_zfs(cr) == 0) 509 return (0); 510 511 error = dsl_pool_hold(name, FTAG, &dp); 512 if (error != 0) 513 return (error); 514 515 error = dsl_dataset_hold(dp, name, FTAG, &ds); 516 if (error != 0) { 517 dsl_pool_rele(dp, FTAG); 518 return (error); 519 } 520 521 error = zfs_secpolicy_write_perms_ds(name, ds, perm, cr); 522 523 dsl_dataset_rele(ds, FTAG); 524 dsl_pool_rele(dp, FTAG); 525 return (error); 526} 527 528#ifdef SECLABEL 529/* 530 * Policy for setting the security label property. 531 * 532 * Returns 0 for success, non-zero for access and other errors. 533 */ 534static int 535zfs_set_slabel_policy(const char *name, char *strval, cred_t *cr) 536{ 537 char ds_hexsl[MAXNAMELEN]; 538 bslabel_t ds_sl, new_sl; 539 boolean_t new_default = FALSE; 540 uint64_t zoned; 541 int needed_priv = -1; 542 int error; 543 544 /* First get the existing dataset label. */ 545 error = dsl_prop_get(name, zfs_prop_to_name(ZFS_PROP_MLSLABEL), 546 1, sizeof (ds_hexsl), &ds_hexsl, NULL); 547 if (error != 0) 548 return (SET_ERROR(EPERM)); 549 550 if (strcasecmp(strval, ZFS_MLSLABEL_DEFAULT) == 0) 551 new_default = TRUE; 552 553 /* The label must be translatable */ 554 if (!new_default && (hexstr_to_label(strval, &new_sl) != 0)) 555 return (SET_ERROR(EINVAL)); 556 557 /* 558 * In a non-global zone, disallow attempts to set a label that 559 * doesn't match that of the zone; otherwise no other checks 560 * are needed. 561 */ 562 if (!INGLOBALZONE(curproc)) { 563 if (new_default || !blequal(&new_sl, CR_SL(CRED()))) 564 return (SET_ERROR(EPERM)); 565 return (0); 566 } 567 568 /* 569 * For global-zone datasets (i.e., those whose zoned property is 570 * "off", verify that the specified new label is valid for the 571 * global zone. 572 */ 573 if (dsl_prop_get_integer(name, 574 zfs_prop_to_name(ZFS_PROP_ZONED), &zoned, NULL)) 575 return (SET_ERROR(EPERM)); 576 if (!zoned) { 577 if (zfs_check_global_label(name, strval) != 0) 578 return (SET_ERROR(EPERM)); 579 } 580 581 /* 582 * If the existing dataset label is nondefault, check if the 583 * dataset is mounted (label cannot be changed while mounted). 584 * Get the zfsvfs; if there isn't one, then the dataset isn't 585 * mounted (or isn't a dataset, doesn't exist, ...). 586 */ 587 if (strcasecmp(ds_hexsl, ZFS_MLSLABEL_DEFAULT) != 0) { 588 objset_t *os; 589 static char *setsl_tag = "setsl_tag"; 590 591 /* 592 * Try to own the dataset; abort if there is any error, 593 * (e.g., already mounted, in use, or other error). 594 */ 595 error = dmu_objset_own(name, DMU_OST_ZFS, B_TRUE, 596 setsl_tag, &os); 597 if (error != 0) 598 return (SET_ERROR(EPERM)); 599 600 dmu_objset_disown(os, setsl_tag); 601 602 if (new_default) { 603 needed_priv = PRIV_FILE_DOWNGRADE_SL; 604 goto out_check; 605 } 606 607 if (hexstr_to_label(strval, &new_sl) != 0) 608 return (SET_ERROR(EPERM)); 609 610 if (blstrictdom(&ds_sl, &new_sl)) 611 needed_priv = PRIV_FILE_DOWNGRADE_SL; 612 else if (blstrictdom(&new_sl, &ds_sl)) 613 needed_priv = PRIV_FILE_UPGRADE_SL; 614 } else { 615 /* dataset currently has a default label */ 616 if (!new_default) 617 needed_priv = PRIV_FILE_UPGRADE_SL; 618 } 619 620out_check: 621 if (needed_priv != -1) 622 return (PRIV_POLICY(cr, needed_priv, B_FALSE, EPERM, NULL)); 623 return (0); 624} 625#endif /* SECLABEL */ 626 627static int 628zfs_secpolicy_setprop(const char *dsname, zfs_prop_t prop, nvpair_t *propval, 629 cred_t *cr) 630{ 631 char *strval; 632 633 /* 634 * Check permissions for special properties. 635 */ 636 switch (prop) { 637 case ZFS_PROP_ZONED: 638 /* 639 * Disallow setting of 'zoned' from within a local zone. 640 */ 641 if (!INGLOBALZONE(curthread)) 642 return (SET_ERROR(EPERM)); 643 break; 644 645 case ZFS_PROP_QUOTA: 646 case ZFS_PROP_FILESYSTEM_LIMIT: 647 case ZFS_PROP_SNAPSHOT_LIMIT: 648 if (!INGLOBALZONE(curthread)) { 649 uint64_t zoned; 650 char setpoint[ZFS_MAX_DATASET_NAME_LEN]; 651 /* 652 * Unprivileged users are allowed to modify the 653 * limit on things *under* (ie. contained by) 654 * the thing they own. 655 */ 656 if (dsl_prop_get_integer(dsname, "jailed", &zoned, 657 setpoint)) 658 return (SET_ERROR(EPERM)); 659 if (!zoned || strlen(dsname) <= strlen(setpoint)) 660 return (SET_ERROR(EPERM)); 661 } 662 break; 663 664 case ZFS_PROP_MLSLABEL: 665#ifdef SECLABEL 666 if (!is_system_labeled()) 667 return (SET_ERROR(EPERM)); 668 669 if (nvpair_value_string(propval, &strval) == 0) { 670 int err; 671 672 err = zfs_set_slabel_policy(dsname, strval, CRED()); 673 if (err != 0) 674 return (err); 675 } 676#else 677 return (EOPNOTSUPP); 678#endif 679 break; 680 } 681 682 return (zfs_secpolicy_write_perms(dsname, zfs_prop_to_name(prop), cr)); 683} 684 685/* ARGSUSED */ 686static int 687zfs_secpolicy_set_fsacl(zfs_cmd_t *zc, nvlist_t *innvl, cred_t *cr) 688{ 689 int error; 690 691 error = zfs_dozonecheck(zc->zc_name, cr); 692 if (error != 0) 693 return (error); 694 695 /* 696 * permission to set permissions will be evaluated later in 697 * dsl_deleg_can_allow() 698 */ 699 return (0); 700} 701 702/* ARGSUSED */ 703static int 704zfs_secpolicy_rollback(zfs_cmd_t *zc, nvlist_t *innvl, cred_t *cr) 705{ 706 return (zfs_secpolicy_write_perms(zc->zc_name, 707 ZFS_DELEG_PERM_ROLLBACK, cr)); 708} 709 710/* ARGSUSED */ 711static int 712zfs_secpolicy_send(zfs_cmd_t *zc, nvlist_t *innvl, cred_t *cr) 713{ 714 dsl_pool_t *dp; 715 dsl_dataset_t *ds; 716 char *cp; 717 int error; 718 719 /* 720 * Generate the current snapshot name from the given objsetid, then 721 * use that name for the secpolicy/zone checks. 722 */ 723 cp = strchr(zc->zc_name, '@'); 724 if (cp == NULL) 725 return (SET_ERROR(EINVAL)); 726 error = dsl_pool_hold(zc->zc_name, FTAG, &dp); 727 if (error != 0) 728 return (error); 729 730 error = dsl_dataset_hold_obj(dp, zc->zc_sendobj, FTAG, &ds); 731 if (error != 0) { 732 dsl_pool_rele(dp, FTAG); 733 return (error); 734 } 735 736 dsl_dataset_name(ds, zc->zc_name); 737 738 error = zfs_secpolicy_write_perms_ds(zc->zc_name, ds, 739 ZFS_DELEG_PERM_SEND, cr); 740 dsl_dataset_rele(ds, FTAG); 741 dsl_pool_rele(dp, FTAG); 742 743 return (error); 744} 745 746/* ARGSUSED */ 747static int 748zfs_secpolicy_send_new(zfs_cmd_t *zc, nvlist_t *innvl, cred_t *cr) 749{ 750 return (zfs_secpolicy_write_perms(zc->zc_name, 751 ZFS_DELEG_PERM_SEND, cr)); 752} 753 754/* ARGSUSED */ 755static int 756zfs_secpolicy_deleg_share(zfs_cmd_t *zc, nvlist_t *innvl, cred_t *cr) 757{ 758 vnode_t *vp; 759 int error; 760 761 if ((error = lookupname(zc->zc_value, UIO_SYSSPACE, 762 NO_FOLLOW, NULL, &vp)) != 0) 763 return (error); 764 765 /* Now make sure mntpnt and dataset are ZFS */ 766 767 if (strcmp(vp->v_vfsp->mnt_stat.f_fstypename, "zfs") != 0 || 768 (strcmp((char *)refstr_value(vp->v_vfsp->vfs_resource), 769 zc->zc_name) != 0)) { 770 VN_RELE(vp); 771 return (SET_ERROR(EPERM)); 772 } 773 774 VN_RELE(vp); 775 return (dsl_deleg_access(zc->zc_name, 776 ZFS_DELEG_PERM_SHARE, cr)); 777} 778 779int 780zfs_secpolicy_share(zfs_cmd_t *zc, nvlist_t *innvl, cred_t *cr) 781{ 782 if (!INGLOBALZONE(curthread)) 783 return (SET_ERROR(EPERM)); 784 785 if (secpolicy_nfs(cr) == 0) { 786 return (0); 787 } else { 788 return (zfs_secpolicy_deleg_share(zc, innvl, cr)); 789 } 790} 791 792int 793zfs_secpolicy_smb_acl(zfs_cmd_t *zc, nvlist_t *innvl, cred_t *cr) 794{ 795 if (!INGLOBALZONE(curthread)) 796 return (SET_ERROR(EPERM)); 797 798 if (secpolicy_smb(cr) == 0) { 799 return (0); 800 } else { 801 return (zfs_secpolicy_deleg_share(zc, innvl, cr)); 802 } 803} 804 805static int 806zfs_get_parent(const char *datasetname, char *parent, int parentsize) 807{ 808 char *cp; 809 810 /* 811 * Remove the @bla or /bla from the end of the name to get the parent. 812 */ 813 (void) strncpy(parent, datasetname, parentsize); 814 cp = strrchr(parent, '@'); 815 if (cp != NULL) { 816 cp[0] = '\0'; 817 } else { 818 cp = strrchr(parent, '/'); 819 if (cp == NULL) 820 return (SET_ERROR(ENOENT)); 821 cp[0] = '\0'; 822 } 823 824 return (0); 825} 826 827int 828zfs_secpolicy_destroy_perms(const char *name, cred_t *cr) 829{ 830 int error; 831 832 if ((error = zfs_secpolicy_write_perms(name, 833 ZFS_DELEG_PERM_MOUNT, cr)) != 0) 834 return (error); 835 836 return (zfs_secpolicy_write_perms(name, ZFS_DELEG_PERM_DESTROY, cr)); 837} 838 839/* ARGSUSED */ 840static int 841zfs_secpolicy_destroy(zfs_cmd_t *zc, nvlist_t *innvl, cred_t *cr) 842{ 843 return (zfs_secpolicy_destroy_perms(zc->zc_name, cr)); 844} 845 846/* 847 * Destroying snapshots with delegated permissions requires 848 * descendant mount and destroy permissions. 849 */ 850/* ARGSUSED */ 851static int 852zfs_secpolicy_destroy_snaps(zfs_cmd_t *zc, nvlist_t *innvl, cred_t *cr) 853{ 854 nvlist_t *snaps; 855 nvpair_t *pair, *nextpair; 856 int error = 0; 857 858 if (nvlist_lookup_nvlist(innvl, "snaps", &snaps) != 0) 859 return (SET_ERROR(EINVAL)); 860 for (pair = nvlist_next_nvpair(snaps, NULL); pair != NULL; 861 pair = nextpair) { 862 nextpair = nvlist_next_nvpair(snaps, pair); 863 error = zfs_secpolicy_destroy_perms(nvpair_name(pair), cr); 864 if (error == ENOENT) { 865 /* 866 * Ignore any snapshots that don't exist (we consider 867 * them "already destroyed"). Remove the name from the 868 * nvl here in case the snapshot is created between 869 * now and when we try to destroy it (in which case 870 * we don't want to destroy it since we haven't 871 * checked for permission). 872 */ 873 fnvlist_remove_nvpair(snaps, pair); 874 error = 0; 875 } 876 if (error != 0) 877 break; 878 } 879 880 return (error); 881} 882 883int 884zfs_secpolicy_rename_perms(const char *from, const char *to, cred_t *cr) 885{ 886 char parentname[ZFS_MAX_DATASET_NAME_LEN]; 887 int error; 888 889 if ((error = zfs_secpolicy_write_perms(from, 890 ZFS_DELEG_PERM_RENAME, cr)) != 0) 891 return (error); 892 893 if ((error = zfs_secpolicy_write_perms(from, 894 ZFS_DELEG_PERM_MOUNT, cr)) != 0) 895 return (error); 896 897 if ((error = zfs_get_parent(to, parentname, 898 sizeof (parentname))) != 0) 899 return (error); 900 901 if ((error = zfs_secpolicy_write_perms(parentname, 902 ZFS_DELEG_PERM_CREATE, cr)) != 0) 903 return (error); 904 905 if ((error = zfs_secpolicy_write_perms(parentname, 906 ZFS_DELEG_PERM_MOUNT, cr)) != 0) 907 return (error); 908 909 return (error); 910} 911 912/* ARGSUSED */ 913static int 914zfs_secpolicy_rename(zfs_cmd_t *zc, nvlist_t *innvl, cred_t *cr) 915{ 916 char *at = NULL; 917 int error; 918 919 if ((zc->zc_cookie & 1) != 0) { 920 /* 921 * This is recursive rename, so the starting snapshot might 922 * not exist. Check file system or volume permission instead. 923 */ 924 at = strchr(zc->zc_name, '@'); 925 if (at == NULL) 926 return (EINVAL); 927 *at = '\0'; 928 } 929 930 error = zfs_secpolicy_rename_perms(zc->zc_name, zc->zc_value, cr); 931 932 if (at != NULL) 933 *at = '@'; 934 935 return (error); 936} 937 938/* ARGSUSED */ 939static int 940zfs_secpolicy_promote(zfs_cmd_t *zc, nvlist_t *innvl, cred_t *cr) 941{ 942 dsl_pool_t *dp; 943 dsl_dataset_t *clone; 944 int error; 945 946 error = zfs_secpolicy_write_perms(zc->zc_name, 947 ZFS_DELEG_PERM_PROMOTE, cr); 948 if (error != 0) 949 return (error); 950 951 error = dsl_pool_hold(zc->zc_name, FTAG, &dp); 952 if (error != 0) 953 return (error); 954 955 error = dsl_dataset_hold(dp, zc->zc_name, FTAG, &clone); 956 957 if (error == 0) { 958 char parentname[ZFS_MAX_DATASET_NAME_LEN]; 959 dsl_dataset_t *origin = NULL; 960 dsl_dir_t *dd; 961 dd = clone->ds_dir; 962 963 error = dsl_dataset_hold_obj(dd->dd_pool, 964 dsl_dir_phys(dd)->dd_origin_obj, FTAG, &origin); 965 if (error != 0) { 966 dsl_dataset_rele(clone, FTAG); 967 dsl_pool_rele(dp, FTAG); 968 return (error); 969 } 970 971 error = zfs_secpolicy_write_perms_ds(zc->zc_name, clone, 972 ZFS_DELEG_PERM_MOUNT, cr); 973 974 dsl_dataset_name(origin, parentname); 975 if (error == 0) { 976 error = zfs_secpolicy_write_perms_ds(parentname, origin, 977 ZFS_DELEG_PERM_PROMOTE, cr); 978 } 979 dsl_dataset_rele(clone, FTAG); 980 dsl_dataset_rele(origin, FTAG); 981 } 982 dsl_pool_rele(dp, FTAG); 983 return (error); 984} 985 986/* ARGSUSED */ 987static int 988zfs_secpolicy_recv(zfs_cmd_t *zc, nvlist_t *innvl, cred_t *cr) 989{ 990 int error; 991 992 if ((error = zfs_secpolicy_write_perms(zc->zc_name, 993 ZFS_DELEG_PERM_RECEIVE, cr)) != 0) 994 return (error); 995 996 if ((error = zfs_secpolicy_write_perms(zc->zc_name, 997 ZFS_DELEG_PERM_MOUNT, cr)) != 0) 998 return (error); 999 1000 return (zfs_secpolicy_write_perms(zc->zc_name, 1001 ZFS_DELEG_PERM_CREATE, cr)); 1002} 1003 1004int 1005zfs_secpolicy_snapshot_perms(const char *name, cred_t *cr) 1006{ 1007 return (zfs_secpolicy_write_perms(name, 1008 ZFS_DELEG_PERM_SNAPSHOT, cr)); 1009} 1010 1011/* 1012 * Check for permission to create each snapshot in the nvlist. 1013 */ 1014/* ARGSUSED */ 1015static int 1016zfs_secpolicy_snapshot(zfs_cmd_t *zc, nvlist_t *innvl, cred_t *cr) 1017{ 1018 nvlist_t *snaps; 1019 int error; 1020 nvpair_t *pair; 1021 1022 if (nvlist_lookup_nvlist(innvl, "snaps", &snaps) != 0) 1023 return (SET_ERROR(EINVAL)); 1024 for (pair = nvlist_next_nvpair(snaps, NULL); pair != NULL; 1025 pair = nvlist_next_nvpair(snaps, pair)) { 1026 char *name = nvpair_name(pair); 1027 char *atp = strchr(name, '@'); 1028 1029 if (atp == NULL) { 1030 error = SET_ERROR(EINVAL); 1031 break; 1032 } 1033 *atp = '\0'; 1034 error = zfs_secpolicy_snapshot_perms(name, cr); 1035 *atp = '@'; 1036 if (error != 0) 1037 break; 1038 } 1039 return (error); 1040} 1041 1042/* 1043 * Check for permission to create each snapshot in the nvlist. 1044 */ 1045/* ARGSUSED */ 1046static int 1047zfs_secpolicy_bookmark(zfs_cmd_t *zc, nvlist_t *innvl, cred_t *cr) 1048{ 1049 int error = 0; 1050 1051 for (nvpair_t *pair = nvlist_next_nvpair(innvl, NULL); 1052 pair != NULL; pair = nvlist_next_nvpair(innvl, pair)) { 1053 char *name = nvpair_name(pair); 1054 char *hashp = strchr(name, '#'); 1055 1056 if (hashp == NULL) { 1057 error = SET_ERROR(EINVAL); 1058 break; 1059 } 1060 *hashp = '\0'; 1061 error = zfs_secpolicy_write_perms(name, 1062 ZFS_DELEG_PERM_BOOKMARK, cr); 1063 *hashp = '#'; 1064 if (error != 0) 1065 break; 1066 } 1067 return (error); 1068} 1069 1070/* ARGSUSED */ 1071static int 1072zfs_secpolicy_destroy_bookmarks(zfs_cmd_t *zc, nvlist_t *innvl, cred_t *cr) 1073{ 1074 nvpair_t *pair, *nextpair; 1075 int error = 0; 1076 1077 for (pair = nvlist_next_nvpair(innvl, NULL); pair != NULL; 1078 pair = nextpair) { 1079 char *name = nvpair_name(pair); 1080 char *hashp = strchr(name, '#'); 1081 nextpair = nvlist_next_nvpair(innvl, pair); 1082 1083 if (hashp == NULL) { 1084 error = SET_ERROR(EINVAL); 1085 break; 1086 } 1087 1088 *hashp = '\0'; 1089 error = zfs_secpolicy_write_perms(name, 1090 ZFS_DELEG_PERM_DESTROY, cr); 1091 *hashp = '#'; 1092 if (error == ENOENT) { 1093 /* 1094 * Ignore any filesystems that don't exist (we consider 1095 * their bookmarks "already destroyed"). Remove 1096 * the name from the nvl here in case the filesystem 1097 * is created between now and when we try to destroy 1098 * the bookmark (in which case we don't want to 1099 * destroy it since we haven't checked for permission). 1100 */ 1101 fnvlist_remove_nvpair(innvl, pair); 1102 error = 0; 1103 } 1104 if (error != 0) 1105 break; 1106 } 1107 1108 return (error); 1109} 1110 1111/* ARGSUSED */ 1112static int 1113zfs_secpolicy_log_history(zfs_cmd_t *zc, nvlist_t *innvl, cred_t *cr) 1114{ 1115 /* 1116 * Even root must have a proper TSD so that we know what pool 1117 * to log to. 1118 */ 1119 if (tsd_get(zfs_allow_log_key) == NULL) 1120 return (SET_ERROR(EPERM)); 1121 return (0); 1122} 1123 1124static int 1125zfs_secpolicy_create_clone(zfs_cmd_t *zc, nvlist_t *innvl, cred_t *cr) 1126{ 1127 char parentname[ZFS_MAX_DATASET_NAME_LEN]; 1128 int error; 1129 char *origin; 1130 1131 if ((error = zfs_get_parent(zc->zc_name, parentname, 1132 sizeof (parentname))) != 0) 1133 return (error); 1134 1135 if (nvlist_lookup_string(innvl, "origin", &origin) == 0 && 1136 (error = zfs_secpolicy_write_perms(origin, 1137 ZFS_DELEG_PERM_CLONE, cr)) != 0) 1138 return (error); 1139 1140 if ((error = zfs_secpolicy_write_perms(parentname, 1141 ZFS_DELEG_PERM_CREATE, cr)) != 0) 1142 return (error); 1143 1144 return (zfs_secpolicy_write_perms(parentname, 1145 ZFS_DELEG_PERM_MOUNT, cr)); 1146} 1147 1148/* 1149 * Policy for pool operations - create/destroy pools, add vdevs, etc. Requires 1150 * SYS_CONFIG privilege, which is not available in a local zone. 1151 */ 1152/* ARGSUSED */ 1153static int 1154zfs_secpolicy_config(zfs_cmd_t *zc, nvlist_t *innvl, cred_t *cr) 1155{ 1156 if (secpolicy_sys_config(cr, B_FALSE) != 0) 1157 return (SET_ERROR(EPERM)); 1158 1159 return (0); 1160} 1161 1162/* 1163 * Policy for object to name lookups. 1164 */ 1165/* ARGSUSED */ 1166static int 1167zfs_secpolicy_diff(zfs_cmd_t *zc, nvlist_t *innvl, cred_t *cr) 1168{ 1169 int error; 1170 1171 if ((error = secpolicy_sys_config(cr, B_FALSE)) == 0) 1172 return (0); 1173 1174 error = zfs_secpolicy_write_perms(zc->zc_name, ZFS_DELEG_PERM_DIFF, cr); 1175 return (error); 1176} 1177 1178/* 1179 * Policy for fault injection. Requires all privileges. 1180 */ 1181/* ARGSUSED */ 1182static int 1183zfs_secpolicy_inject(zfs_cmd_t *zc, nvlist_t *innvl, cred_t *cr) 1184{ 1185 return (secpolicy_zinject(cr)); 1186} 1187 1188/* ARGSUSED */ 1189static int 1190zfs_secpolicy_inherit_prop(zfs_cmd_t *zc, nvlist_t *innvl, cred_t *cr) 1191{ 1192 zfs_prop_t prop = zfs_name_to_prop(zc->zc_value); 1193 1194 if (prop == ZPROP_INVAL) { 1195 if (!zfs_prop_user(zc->zc_value)) 1196 return (SET_ERROR(EINVAL)); 1197 return (zfs_secpolicy_write_perms(zc->zc_name, 1198 ZFS_DELEG_PERM_USERPROP, cr)); 1199 } else { 1200 return (zfs_secpolicy_setprop(zc->zc_name, prop, 1201 NULL, cr)); 1202 } 1203} 1204 1205static int 1206zfs_secpolicy_userspace_one(zfs_cmd_t *zc, nvlist_t *innvl, cred_t *cr) 1207{ 1208 int err = zfs_secpolicy_read(zc, innvl, cr); 1209 if (err) 1210 return (err); 1211 1212 if (zc->zc_objset_type >= ZFS_NUM_USERQUOTA_PROPS) 1213 return (SET_ERROR(EINVAL)); 1214 1215 if (zc->zc_value[0] == 0) { 1216 /* 1217 * They are asking about a posix uid/gid. If it's 1218 * themself, allow it. 1219 */ 1220 if (zc->zc_objset_type == ZFS_PROP_USERUSED || 1221 zc->zc_objset_type == ZFS_PROP_USERQUOTA) { 1222 if (zc->zc_guid == crgetuid(cr)) 1223 return (0); 1224 } else { 1225 if (groupmember(zc->zc_guid, cr)) 1226 return (0); 1227 } 1228 } 1229 1230 return (zfs_secpolicy_write_perms(zc->zc_name, 1231 userquota_perms[zc->zc_objset_type], cr)); 1232} 1233 1234static int 1235zfs_secpolicy_userspace_many(zfs_cmd_t *zc, nvlist_t *innvl, cred_t *cr) 1236{ 1237 int err = zfs_secpolicy_read(zc, innvl, cr); 1238 if (err) 1239 return (err); 1240 1241 if (zc->zc_objset_type >= ZFS_NUM_USERQUOTA_PROPS) 1242 return (SET_ERROR(EINVAL)); 1243 1244 return (zfs_secpolicy_write_perms(zc->zc_name, 1245 userquota_perms[zc->zc_objset_type], cr)); 1246} 1247 1248/* ARGSUSED */ 1249static int 1250zfs_secpolicy_userspace_upgrade(zfs_cmd_t *zc, nvlist_t *innvl, cred_t *cr) 1251{ 1252 return (zfs_secpolicy_setprop(zc->zc_name, ZFS_PROP_VERSION, 1253 NULL, cr)); 1254} 1255 1256/* ARGSUSED */ 1257static int 1258zfs_secpolicy_hold(zfs_cmd_t *zc, nvlist_t *innvl, cred_t *cr) 1259{ 1260 nvpair_t *pair; 1261 nvlist_t *holds; 1262 int error; 1263 1264 error = nvlist_lookup_nvlist(innvl, "holds", &holds); 1265 if (error != 0) 1266 return (SET_ERROR(EINVAL)); 1267 1268 for (pair = nvlist_next_nvpair(holds, NULL); pair != NULL; 1269 pair = nvlist_next_nvpair(holds, pair)) { 1270 char fsname[ZFS_MAX_DATASET_NAME_LEN]; 1271 error = dmu_fsname(nvpair_name(pair), fsname); 1272 if (error != 0) 1273 return (error); 1274 error = zfs_secpolicy_write_perms(fsname, 1275 ZFS_DELEG_PERM_HOLD, cr); 1276 if (error != 0) 1277 return (error); 1278 } 1279 return (0); 1280} 1281 1282/* ARGSUSED */ 1283static int 1284zfs_secpolicy_release(zfs_cmd_t *zc, nvlist_t *innvl, cred_t *cr) 1285{ 1286 nvpair_t *pair; 1287 int error; 1288 1289 for (pair = nvlist_next_nvpair(innvl, NULL); pair != NULL; 1290 pair = nvlist_next_nvpair(innvl, pair)) { 1291 char fsname[ZFS_MAX_DATASET_NAME_LEN]; 1292 error = dmu_fsname(nvpair_name(pair), fsname); 1293 if (error != 0) 1294 return (error); 1295 error = zfs_secpolicy_write_perms(fsname, 1296 ZFS_DELEG_PERM_RELEASE, cr); 1297 if (error != 0) 1298 return (error); 1299 } 1300 return (0); 1301} 1302 1303/* 1304 * Policy for allowing temporary snapshots to be taken or released 1305 */ 1306static int 1307zfs_secpolicy_tmp_snapshot(zfs_cmd_t *zc, nvlist_t *innvl, cred_t *cr) 1308{ 1309 /* 1310 * A temporary snapshot is the same as a snapshot, 1311 * hold, destroy and release all rolled into one. 1312 * Delegated diff alone is sufficient that we allow this. 1313 */ 1314 int error; 1315 1316 if ((error = zfs_secpolicy_write_perms(zc->zc_name, 1317 ZFS_DELEG_PERM_DIFF, cr)) == 0) 1318 return (0); 1319 1320 error = zfs_secpolicy_snapshot_perms(zc->zc_name, cr); 1321 if (error == 0) 1322 error = zfs_secpolicy_hold(zc, innvl, cr); 1323 if (error == 0) 1324 error = zfs_secpolicy_release(zc, innvl, cr); 1325 if (error == 0) 1326 error = zfs_secpolicy_destroy(zc, innvl, cr); 1327 return (error); 1328} 1329 1330/* 1331 * Returns the nvlist as specified by the user in the zfs_cmd_t. 1332 */ 1333static int 1334get_nvlist(uint64_t nvl, uint64_t size, int iflag, nvlist_t **nvp) 1335{ 1336 char *packed; 1337 int error; 1338 nvlist_t *list = NULL; 1339 1340 /* 1341 * Read in and unpack the user-supplied nvlist. 1342 */ 1343 if (size == 0) 1344 return (SET_ERROR(EINVAL)); 1345 1346 packed = kmem_alloc(size, KM_SLEEP); 1347 1348 if ((error = ddi_copyin((void *)(uintptr_t)nvl, packed, size, 1349 iflag)) != 0) { 1350 kmem_free(packed, size); 1351 return (SET_ERROR(EFAULT)); 1352 } 1353 1354 if ((error = nvlist_unpack(packed, size, &list, 0)) != 0) { 1355 kmem_free(packed, size); 1356 return (error); 1357 } 1358 1359 kmem_free(packed, size); 1360 1361 *nvp = list; 1362 return (0); 1363} 1364 1365/* 1366 * Reduce the size of this nvlist until it can be serialized in 'max' bytes. 1367 * Entries will be removed from the end of the nvlist, and one int32 entry 1368 * named "N_MORE_ERRORS" will be added indicating how many entries were 1369 * removed. 1370 */ 1371static int 1372nvlist_smush(nvlist_t *errors, size_t max) 1373{ 1374 size_t size; 1375 1376 size = fnvlist_size(errors); 1377 1378 if (size > max) { 1379 nvpair_t *more_errors; 1380 int n = 0; 1381 1382 if (max < 1024) 1383 return (SET_ERROR(ENOMEM)); 1384 1385 fnvlist_add_int32(errors, ZPROP_N_MORE_ERRORS, 0); 1386 more_errors = nvlist_prev_nvpair(errors, NULL); 1387 1388 do { 1389 nvpair_t *pair = nvlist_prev_nvpair(errors, 1390 more_errors); 1391 fnvlist_remove_nvpair(errors, pair); 1392 n++; 1393 size = fnvlist_size(errors); 1394 } while (size > max); 1395 1396 fnvlist_remove_nvpair(errors, more_errors); 1397 fnvlist_add_int32(errors, ZPROP_N_MORE_ERRORS, n); 1398 ASSERT3U(fnvlist_size(errors), <=, max); 1399 } 1400 1401 return (0); 1402} 1403 1404static int 1405put_nvlist(zfs_cmd_t *zc, nvlist_t *nvl) 1406{ 1407 char *packed = NULL; 1408 int error = 0; 1409 size_t size; 1410 1411 size = fnvlist_size(nvl); 1412 1413 if (size > zc->zc_nvlist_dst_size) { 1414 /* 1415 * Solaris returns ENOMEM here, because even if an error is 1416 * returned from an ioctl(2), new zc_nvlist_dst_size will be 1417 * passed to the userland. This is not the case for FreeBSD. 1418 * We need to return 0, so the kernel will copy the 1419 * zc_nvlist_dst_size back and the userland can discover that a 1420 * bigger buffer is needed. 1421 */ 1422 error = 0; 1423 } else { 1424 packed = fnvlist_pack(nvl, &size); 1425 if (ddi_copyout(packed, (void *)(uintptr_t)zc->zc_nvlist_dst, 1426 size, zc->zc_iflags) != 0) 1427 error = SET_ERROR(EFAULT); 1428 fnvlist_pack_free(packed, size); 1429 } 1430 1431 zc->zc_nvlist_dst_size = size; 1432 zc->zc_nvlist_dst_filled = B_TRUE; 1433 return (error); 1434} 1435 1436static int 1437getzfsvfs(const char *dsname, zfsvfs_t **zfvp) 1438{ 1439 objset_t *os; 1440 vfs_t *vfsp; 1441 int error; 1442 1443 error = dmu_objset_hold(dsname, FTAG, &os); 1444 if (error != 0) 1445 return (error); 1446 if (dmu_objset_type(os) != DMU_OST_ZFS) { 1447 dmu_objset_rele(os, FTAG); 1448 return (SET_ERROR(EINVAL)); 1449 } 1450 1451 mutex_enter(&os->os_user_ptr_lock); 1452 *zfvp = dmu_objset_get_user(os); 1453 if (*zfvp) { 1454 vfsp = (*zfvp)->z_vfs; 1455 vfs_ref(vfsp); 1456 } else { 1457 error = SET_ERROR(ESRCH); 1458 } 1459 mutex_exit(&os->os_user_ptr_lock); 1460 dmu_objset_rele(os, FTAG); 1461 if (error == 0) { 1462 error = vfs_busy(vfsp, 0); 1463 vfs_rel(vfsp); 1464 if (error != 0) { 1465 *zfvp = NULL; 1466 error = SET_ERROR(ESRCH); 1467 } 1468 } 1469 return (error); 1470} 1471 1472/* 1473 * Find a zfsvfs_t for a mounted filesystem, or create our own, in which 1474 * case its z_vfs will be NULL, and it will be opened as the owner. 1475 * If 'writer' is set, the z_teardown_lock will be held for RW_WRITER, 1476 * which prevents all vnode ops from running. 1477 */ 1478static int 1479zfsvfs_hold(const char *name, void *tag, zfsvfs_t **zfvp, boolean_t writer) 1480{ 1481 int error = 0; 1482 1483 if (getzfsvfs(name, zfvp) != 0) 1484 error = zfsvfs_create(name, zfvp); 1485 if (error == 0) { 1486 rrm_enter(&(*zfvp)->z_teardown_lock, (writer) ? RW_WRITER : 1487 RW_READER, tag); 1488#ifdef illumos 1489 if ((*zfvp)->z_unmounted) { 1490 /* 1491 * XXX we could probably try again, since the unmounting 1492 * thread should be just about to disassociate the 1493 * objset from the zfsvfs. 1494 */ 1495 rrm_exit(&(*zfvp)->z_teardown_lock, tag); 1496 return (SET_ERROR(EBUSY)); 1497 } 1498#else 1499 /* 1500 * vfs_busy() ensures that the filesystem is not and 1501 * can not be unmounted. 1502 */ 1503 ASSERT(!(*zfvp)->z_unmounted); 1504#endif 1505 } 1506 return (error); 1507} 1508 1509static void 1510zfsvfs_rele(zfsvfs_t *zfsvfs, void *tag) 1511{ 1512 rrm_exit(&zfsvfs->z_teardown_lock, tag); 1513 1514 if (zfsvfs->z_vfs) { 1515#ifdef illumos 1516 VFS_RELE(zfsvfs->z_vfs); 1517#else 1518 vfs_unbusy(zfsvfs->z_vfs); 1519#endif 1520 } else { 1521 dmu_objset_disown(zfsvfs->z_os, zfsvfs); 1522 zfsvfs_free(zfsvfs); 1523 } 1524} 1525 1526static int 1527zfs_ioc_pool_create(zfs_cmd_t *zc) 1528{ 1529 int error; 1530 nvlist_t *config, *props = NULL; 1531 nvlist_t *rootprops = NULL; 1532 nvlist_t *zplprops = NULL; 1533 1534 if (error = get_nvlist(zc->zc_nvlist_conf, zc->zc_nvlist_conf_size, 1535 zc->zc_iflags, &config)) 1536 return (error); 1537 1538 if (zc->zc_nvlist_src_size != 0 && (error = 1539 get_nvlist(zc->zc_nvlist_src, zc->zc_nvlist_src_size, 1540 zc->zc_iflags, &props))) { 1541 nvlist_free(config); 1542 return (error); 1543 } 1544 1545 if (props) { 1546 nvlist_t *nvl = NULL; 1547 uint64_t version = SPA_VERSION; 1548 1549 (void) nvlist_lookup_uint64(props, 1550 zpool_prop_to_name(ZPOOL_PROP_VERSION), &version); 1551 if (!SPA_VERSION_IS_SUPPORTED(version)) { 1552 error = SET_ERROR(EINVAL); 1553 goto pool_props_bad; 1554 } 1555 (void) nvlist_lookup_nvlist(props, ZPOOL_ROOTFS_PROPS, &nvl); 1556 if (nvl) { 1557 error = nvlist_dup(nvl, &rootprops, KM_SLEEP); 1558 if (error != 0) { 1559 nvlist_free(config); 1560 nvlist_free(props); 1561 return (error); 1562 } 1563 (void) nvlist_remove_all(props, ZPOOL_ROOTFS_PROPS); 1564 } 1565 VERIFY(nvlist_alloc(&zplprops, NV_UNIQUE_NAME, KM_SLEEP) == 0); 1566 error = zfs_fill_zplprops_root(version, rootprops, 1567 zplprops, NULL); 1568 if (error != 0) 1569 goto pool_props_bad; 1570 } 1571 1572 error = spa_create(zc->zc_name, config, props, zplprops); 1573 1574 /* 1575 * Set the remaining root properties 1576 */ 1577 if (!error && (error = zfs_set_prop_nvlist(zc->zc_name, 1578 ZPROP_SRC_LOCAL, rootprops, NULL)) != 0) 1579 (void) spa_destroy(zc->zc_name); 1580 1581pool_props_bad: 1582 nvlist_free(rootprops); 1583 nvlist_free(zplprops); 1584 nvlist_free(config); 1585 nvlist_free(props); 1586 1587 return (error); 1588} 1589 1590static int 1591zfs_ioc_pool_destroy(zfs_cmd_t *zc) 1592{ 1593 int error; 1594 zfs_log_history(zc); 1595 error = spa_destroy(zc->zc_name); 1596 if (error == 0) 1597 zvol_remove_minors(zc->zc_name); 1598 return (error); 1599} 1600 1601static int 1602zfs_ioc_pool_import(zfs_cmd_t *zc) 1603{ 1604 nvlist_t *config, *props = NULL; 1605 uint64_t guid; 1606 int error; 1607 1608 if ((error = get_nvlist(zc->zc_nvlist_conf, zc->zc_nvlist_conf_size, 1609 zc->zc_iflags, &config)) != 0) 1610 return (error); 1611 1612 if (zc->zc_nvlist_src_size != 0 && (error = 1613 get_nvlist(zc->zc_nvlist_src, zc->zc_nvlist_src_size, 1614 zc->zc_iflags, &props))) { 1615 nvlist_free(config); 1616 return (error); 1617 } 1618 1619 if (nvlist_lookup_uint64(config, ZPOOL_CONFIG_POOL_GUID, &guid) != 0 || 1620 guid != zc->zc_guid) 1621 error = SET_ERROR(EINVAL); 1622 else 1623 error = spa_import(zc->zc_name, config, props, zc->zc_cookie); 1624 1625 if (zc->zc_nvlist_dst != 0) { 1626 int err; 1627 1628 if ((err = put_nvlist(zc, config)) != 0) 1629 error = err; 1630 } 1631 1632 nvlist_free(config); 1633 1634 nvlist_free(props); 1635 1636 return (error); 1637} 1638 1639static int 1640zfs_ioc_pool_export(zfs_cmd_t *zc) 1641{ 1642 int error; 1643 boolean_t force = (boolean_t)zc->zc_cookie; 1644 boolean_t hardforce = (boolean_t)zc->zc_guid; 1645 1646 zfs_log_history(zc); 1647 error = spa_export(zc->zc_name, NULL, force, hardforce); 1648 if (error == 0) 1649 zvol_remove_minors(zc->zc_name); 1650 return (error); 1651} 1652 1653static int 1654zfs_ioc_pool_configs(zfs_cmd_t *zc) 1655{ 1656 nvlist_t *configs; 1657 int error; 1658 1659 if ((configs = spa_all_configs(&zc->zc_cookie)) == NULL) 1660 return (SET_ERROR(EEXIST)); 1661 1662 error = put_nvlist(zc, configs); 1663 1664 nvlist_free(configs); 1665 1666 return (error); 1667} 1668 1669/* 1670 * inputs: 1671 * zc_name name of the pool 1672 * 1673 * outputs: 1674 * zc_cookie real errno 1675 * zc_nvlist_dst config nvlist 1676 * zc_nvlist_dst_size size of config nvlist 1677 */ 1678static int 1679zfs_ioc_pool_stats(zfs_cmd_t *zc) 1680{ 1681 nvlist_t *config; 1682 int error; 1683 int ret = 0; 1684 1685 error = spa_get_stats(zc->zc_name, &config, zc->zc_value, 1686 sizeof (zc->zc_value)); 1687 1688 if (config != NULL) { 1689 ret = put_nvlist(zc, config); 1690 nvlist_free(config); 1691 1692 /* 1693 * The config may be present even if 'error' is non-zero. 1694 * In this case we return success, and preserve the real errno 1695 * in 'zc_cookie'. 1696 */ 1697 zc->zc_cookie = error; 1698 } else { 1699 ret = error; 1700 } 1701 1702 return (ret); 1703} 1704 1705/* 1706 * Try to import the given pool, returning pool stats as appropriate so that 1707 * user land knows which devices are available and overall pool health. 1708 */ 1709static int 1710zfs_ioc_pool_tryimport(zfs_cmd_t *zc) 1711{ 1712 nvlist_t *tryconfig, *config; 1713 int error; 1714 1715 if ((error = get_nvlist(zc->zc_nvlist_conf, zc->zc_nvlist_conf_size, 1716 zc->zc_iflags, &tryconfig)) != 0) 1717 return (error); 1718 1719 config = spa_tryimport(tryconfig); 1720 1721 nvlist_free(tryconfig); 1722 1723 if (config == NULL) 1724 return (SET_ERROR(EINVAL)); 1725 1726 error = put_nvlist(zc, config); 1727 nvlist_free(config); 1728 1729 return (error); 1730} 1731 1732/* 1733 * inputs: 1734 * zc_name name of the pool 1735 * zc_cookie scan func (pool_scan_func_t) 1736 */ 1737static int 1738zfs_ioc_pool_scan(zfs_cmd_t *zc) 1739{ 1740 spa_t *spa; 1741 int error; 1742 1743 if ((error = spa_open(zc->zc_name, &spa, FTAG)) != 0) 1744 return (error); 1745 1746 if (zc->zc_cookie == POOL_SCAN_NONE) 1747 error = spa_scan_stop(spa); 1748 else 1749 error = spa_scan(spa, zc->zc_cookie); 1750 1751 spa_close(spa, FTAG); 1752 1753 return (error); 1754} 1755 1756static int 1757zfs_ioc_pool_freeze(zfs_cmd_t *zc) 1758{ 1759 spa_t *spa; 1760 int error; 1761 1762 error = spa_open(zc->zc_name, &spa, FTAG); 1763 if (error == 0) { 1764 spa_freeze(spa); 1765 spa_close(spa, FTAG); 1766 } 1767 return (error); 1768} 1769 1770static int 1771zfs_ioc_pool_upgrade(zfs_cmd_t *zc) 1772{ 1773 spa_t *spa; 1774 int error; 1775 1776 if ((error = spa_open(zc->zc_name, &spa, FTAG)) != 0) 1777 return (error); 1778 1779 if (zc->zc_cookie < spa_version(spa) || 1780 !SPA_VERSION_IS_SUPPORTED(zc->zc_cookie)) { 1781 spa_close(spa, FTAG); 1782 return (SET_ERROR(EINVAL)); 1783 } 1784 1785 spa_upgrade(spa, zc->zc_cookie); 1786 spa_close(spa, FTAG); 1787 1788 return (error); 1789} 1790 1791static int 1792zfs_ioc_pool_get_history(zfs_cmd_t *zc) 1793{ 1794 spa_t *spa; 1795 char *hist_buf; 1796 uint64_t size; 1797 int error; 1798 1799 if ((size = zc->zc_history_len) == 0) 1800 return (SET_ERROR(EINVAL)); 1801 1802 if ((error = spa_open(zc->zc_name, &spa, FTAG)) != 0) 1803 return (error); 1804 1805 if (spa_version(spa) < SPA_VERSION_ZPOOL_HISTORY) { 1806 spa_close(spa, FTAG); 1807 return (SET_ERROR(ENOTSUP)); 1808 } 1809 1810 hist_buf = kmem_alloc(size, KM_SLEEP); 1811 if ((error = spa_history_get(spa, &zc->zc_history_offset, 1812 &zc->zc_history_len, hist_buf)) == 0) { 1813 error = ddi_copyout(hist_buf, 1814 (void *)(uintptr_t)zc->zc_history, 1815 zc->zc_history_len, zc->zc_iflags); 1816 } 1817 1818 spa_close(spa, FTAG); 1819 kmem_free(hist_buf, size); 1820 return (error); 1821} 1822 1823static int 1824zfs_ioc_pool_reguid(zfs_cmd_t *zc) 1825{ 1826 spa_t *spa; 1827 int error; 1828 1829 error = spa_open(zc->zc_name, &spa, FTAG); 1830 if (error == 0) { 1831 error = spa_change_guid(spa); 1832 spa_close(spa, FTAG); 1833 } 1834 return (error); 1835} 1836 1837static int 1838zfs_ioc_dsobj_to_dsname(zfs_cmd_t *zc) 1839{ 1840 return (dsl_dsobj_to_dsname(zc->zc_name, zc->zc_obj, zc->zc_value)); 1841} 1842 1843/* 1844 * inputs: 1845 * zc_name name of filesystem 1846 * zc_obj object to find 1847 * 1848 * outputs: 1849 * zc_value name of object 1850 */ 1851static int 1852zfs_ioc_obj_to_path(zfs_cmd_t *zc) 1853{ 1854 objset_t *os; 1855 int error; 1856 1857 /* XXX reading from objset not owned */ 1858 if ((error = dmu_objset_hold(zc->zc_name, FTAG, &os)) != 0) 1859 return (error); 1860 if (dmu_objset_type(os) != DMU_OST_ZFS) { 1861 dmu_objset_rele(os, FTAG); 1862 return (SET_ERROR(EINVAL)); 1863 } 1864 error = zfs_obj_to_path(os, zc->zc_obj, zc->zc_value, 1865 sizeof (zc->zc_value)); 1866 dmu_objset_rele(os, FTAG); 1867 1868 return (error); 1869} 1870 1871/* 1872 * inputs: 1873 * zc_name name of filesystem 1874 * zc_obj object to find 1875 * 1876 * outputs: 1877 * zc_stat stats on object 1878 * zc_value path to object 1879 */ 1880static int 1881zfs_ioc_obj_to_stats(zfs_cmd_t *zc) 1882{ 1883 objset_t *os; 1884 int error; 1885 1886 /* XXX reading from objset not owned */ 1887 if ((error = dmu_objset_hold(zc->zc_name, FTAG, &os)) != 0) 1888 return (error); 1889 if (dmu_objset_type(os) != DMU_OST_ZFS) { 1890 dmu_objset_rele(os, FTAG); 1891 return (SET_ERROR(EINVAL)); 1892 } 1893 error = zfs_obj_to_stats(os, zc->zc_obj, &zc->zc_stat, zc->zc_value, 1894 sizeof (zc->zc_value)); 1895 dmu_objset_rele(os, FTAG); 1896 1897 return (error); 1898} 1899 1900static int 1901zfs_ioc_vdev_add(zfs_cmd_t *zc) 1902{ 1903 spa_t *spa; 1904 int error; 1905 nvlist_t *config, **l2cache, **spares; 1906 uint_t nl2cache = 0, nspares = 0; 1907 1908 error = spa_open(zc->zc_name, &spa, FTAG); 1909 if (error != 0) 1910 return (error); 1911 1912 error = get_nvlist(zc->zc_nvlist_conf, zc->zc_nvlist_conf_size, 1913 zc->zc_iflags, &config); 1914 (void) nvlist_lookup_nvlist_array(config, ZPOOL_CONFIG_L2CACHE, 1915 &l2cache, &nl2cache); 1916 1917 (void) nvlist_lookup_nvlist_array(config, ZPOOL_CONFIG_SPARES, 1918 &spares, &nspares); 1919 1920#ifdef illumos 1921 /* 1922 * A root pool with concatenated devices is not supported. 1923 * Thus, can not add a device to a root pool. 1924 * 1925 * Intent log device can not be added to a rootpool because 1926 * during mountroot, zil is replayed, a seperated log device 1927 * can not be accessed during the mountroot time. 1928 * 1929 * l2cache and spare devices are ok to be added to a rootpool. 1930 */ 1931 if (spa_bootfs(spa) != 0 && nl2cache == 0 && nspares == 0) { 1932 nvlist_free(config); 1933 spa_close(spa, FTAG); 1934 return (SET_ERROR(EDOM)); 1935 } 1936#endif /* illumos */ 1937 1938 if (error == 0) { 1939 error = spa_vdev_add(spa, config); 1940 nvlist_free(config); 1941 } 1942 spa_close(spa, FTAG); 1943 return (error); 1944} 1945 1946/* 1947 * inputs: 1948 * zc_name name of the pool 1949 * zc_nvlist_conf nvlist of devices to remove 1950 * zc_cookie to stop the remove? 1951 */ 1952static int 1953zfs_ioc_vdev_remove(zfs_cmd_t *zc) 1954{ 1955 spa_t *spa; 1956 int error; 1957 1958 error = spa_open(zc->zc_name, &spa, FTAG); 1959 if (error != 0) 1960 return (error); 1961 error = spa_vdev_remove(spa, zc->zc_guid, B_FALSE); 1962 spa_close(spa, FTAG); 1963 return (error); 1964} 1965 1966static int 1967zfs_ioc_vdev_set_state(zfs_cmd_t *zc) 1968{ 1969 spa_t *spa; 1970 int error; 1971 vdev_state_t newstate = VDEV_STATE_UNKNOWN; 1972 1973 if ((error = spa_open(zc->zc_name, &spa, FTAG)) != 0) 1974 return (error); 1975 switch (zc->zc_cookie) { 1976 case VDEV_STATE_ONLINE: 1977 error = vdev_online(spa, zc->zc_guid, zc->zc_obj, &newstate); 1978 break; 1979 1980 case VDEV_STATE_OFFLINE: 1981 error = vdev_offline(spa, zc->zc_guid, zc->zc_obj); 1982 break; 1983 1984 case VDEV_STATE_FAULTED: 1985 if (zc->zc_obj != VDEV_AUX_ERR_EXCEEDED && 1986 zc->zc_obj != VDEV_AUX_EXTERNAL) 1987 zc->zc_obj = VDEV_AUX_ERR_EXCEEDED; 1988 1989 error = vdev_fault(spa, zc->zc_guid, zc->zc_obj); 1990 break; 1991 1992 case VDEV_STATE_DEGRADED: 1993 if (zc->zc_obj != VDEV_AUX_ERR_EXCEEDED && 1994 zc->zc_obj != VDEV_AUX_EXTERNAL) 1995 zc->zc_obj = VDEV_AUX_ERR_EXCEEDED; 1996 1997 error = vdev_degrade(spa, zc->zc_guid, zc->zc_obj); 1998 break; 1999 2000 default: 2001 error = SET_ERROR(EINVAL); 2002 } 2003 zc->zc_cookie = newstate; 2004 spa_close(spa, FTAG); 2005 return (error); 2006} 2007 2008static int 2009zfs_ioc_vdev_attach(zfs_cmd_t *zc) 2010{ 2011 spa_t *spa; 2012 int replacing = zc->zc_cookie; 2013 nvlist_t *config; 2014 int error; 2015 2016 if ((error = spa_open(zc->zc_name, &spa, FTAG)) != 0) 2017 return (error); 2018 2019 if ((error = get_nvlist(zc->zc_nvlist_conf, zc->zc_nvlist_conf_size, 2020 zc->zc_iflags, &config)) == 0) { 2021 error = spa_vdev_attach(spa, zc->zc_guid, config, replacing); 2022 nvlist_free(config); 2023 } 2024 2025 spa_close(spa, FTAG); 2026 return (error); 2027} 2028 2029static int 2030zfs_ioc_vdev_detach(zfs_cmd_t *zc) 2031{ 2032 spa_t *spa; 2033 int error; 2034 2035 if ((error = spa_open(zc->zc_name, &spa, FTAG)) != 0) 2036 return (error); 2037 2038 error = spa_vdev_detach(spa, zc->zc_guid, 0, B_FALSE); 2039 2040 spa_close(spa, FTAG); 2041 return (error); 2042} 2043 2044static int 2045zfs_ioc_vdev_split(zfs_cmd_t *zc) 2046{ 2047 spa_t *spa; 2048 nvlist_t *config, *props = NULL; 2049 int error; 2050 boolean_t exp = !!(zc->zc_cookie & ZPOOL_EXPORT_AFTER_SPLIT); 2051 2052 if ((error = spa_open(zc->zc_name, &spa, FTAG)) != 0) 2053 return (error); 2054 2055 if (error = get_nvlist(zc->zc_nvlist_conf, zc->zc_nvlist_conf_size, 2056 zc->zc_iflags, &config)) { 2057 spa_close(spa, FTAG); 2058 return (error); 2059 } 2060 2061 if (zc->zc_nvlist_src_size != 0 && (error = 2062 get_nvlist(zc->zc_nvlist_src, zc->zc_nvlist_src_size, 2063 zc->zc_iflags, &props))) { 2064 spa_close(spa, FTAG); 2065 nvlist_free(config); 2066 return (error); 2067 } 2068 2069 error = spa_vdev_split_mirror(spa, zc->zc_string, config, props, exp); 2070 2071 spa_close(spa, FTAG); 2072 2073 nvlist_free(config); 2074 nvlist_free(props); 2075 2076 return (error); 2077} 2078 2079static int 2080zfs_ioc_vdev_setpath(zfs_cmd_t *zc) 2081{ 2082 spa_t *spa; 2083 char *path = zc->zc_value; 2084 uint64_t guid = zc->zc_guid; 2085 int error; 2086 2087 error = spa_open(zc->zc_name, &spa, FTAG); 2088 if (error != 0) 2089 return (error); 2090 2091 error = spa_vdev_setpath(spa, guid, path); 2092 spa_close(spa, FTAG); 2093 return (error); 2094} 2095 2096static int 2097zfs_ioc_vdev_setfru(zfs_cmd_t *zc) 2098{ 2099 spa_t *spa; 2100 char *fru = zc->zc_value; 2101 uint64_t guid = zc->zc_guid; 2102 int error; 2103 2104 error = spa_open(zc->zc_name, &spa, FTAG); 2105 if (error != 0) 2106 return (error); 2107 2108 error = spa_vdev_setfru(spa, guid, fru); 2109 spa_close(spa, FTAG); 2110 return (error); 2111} 2112 2113static int 2114zfs_ioc_objset_stats_impl(zfs_cmd_t *zc, objset_t *os) 2115{ 2116 int error = 0; 2117 nvlist_t *nv; 2118 2119 dmu_objset_fast_stat(os, &zc->zc_objset_stats); 2120 2121 if (zc->zc_nvlist_dst != 0 && 2122 (error = dsl_prop_get_all(os, &nv)) == 0) { 2123 dmu_objset_stats(os, nv); 2124 /* 2125 * NB: zvol_get_stats() will read the objset contents, 2126 * which we aren't supposed to do with a 2127 * DS_MODE_USER hold, because it could be 2128 * inconsistent. So this is a bit of a workaround... 2129 * XXX reading with out owning 2130 */ 2131 if (!zc->zc_objset_stats.dds_inconsistent && 2132 dmu_objset_type(os) == DMU_OST_ZVOL) { 2133 error = zvol_get_stats(os, nv); 2134 if (error == EIO) 2135 return (error); 2136 VERIFY0(error); 2137 } 2138 error = put_nvlist(zc, nv); 2139 nvlist_free(nv); 2140 } 2141 2142 return (error); 2143} 2144 2145/* 2146 * inputs: 2147 * zc_name name of filesystem 2148 * zc_nvlist_dst_size size of buffer for property nvlist 2149 * 2150 * outputs: 2151 * zc_objset_stats stats 2152 * zc_nvlist_dst property nvlist 2153 * zc_nvlist_dst_size size of property nvlist 2154 */ 2155static int 2156zfs_ioc_objset_stats(zfs_cmd_t *zc) 2157{ 2158 objset_t *os; 2159 int error; 2160 2161 error = dmu_objset_hold(zc->zc_name, FTAG, &os); 2162 if (error == 0) { 2163 error = zfs_ioc_objset_stats_impl(zc, os); 2164 dmu_objset_rele(os, FTAG); 2165 } 2166 2167 if (error == ENOMEM) 2168 error = 0; 2169 return (error); 2170} 2171 2172/* 2173 * inputs: 2174 * zc_name name of filesystem 2175 * zc_nvlist_dst_size size of buffer for property nvlist 2176 * 2177 * outputs: 2178 * zc_nvlist_dst received property nvlist 2179 * zc_nvlist_dst_size size of received property nvlist 2180 * 2181 * Gets received properties (distinct from local properties on or after 2182 * SPA_VERSION_RECVD_PROPS) for callers who want to differentiate received from 2183 * local property values. 2184 */ 2185static int 2186zfs_ioc_objset_recvd_props(zfs_cmd_t *zc) 2187{ 2188 int error = 0; 2189 nvlist_t *nv; 2190 2191 /* 2192 * Without this check, we would return local property values if the 2193 * caller has not already received properties on or after 2194 * SPA_VERSION_RECVD_PROPS. 2195 */ 2196 if (!dsl_prop_get_hasrecvd(zc->zc_name)) 2197 return (SET_ERROR(ENOTSUP)); 2198 2199 if (zc->zc_nvlist_dst != 0 && 2200 (error = dsl_prop_get_received(zc->zc_name, &nv)) == 0) { 2201 error = put_nvlist(zc, nv); 2202 nvlist_free(nv); 2203 } 2204 2205 return (error); 2206} 2207 2208static int 2209nvl_add_zplprop(objset_t *os, nvlist_t *props, zfs_prop_t prop) 2210{ 2211 uint64_t value; 2212 int error; 2213 2214 /* 2215 * zfs_get_zplprop() will either find a value or give us 2216 * the default value (if there is one). 2217 */ 2218 if ((error = zfs_get_zplprop(os, prop, &value)) != 0) 2219 return (error); 2220 VERIFY(nvlist_add_uint64(props, zfs_prop_to_name(prop), value) == 0); 2221 return (0); 2222} 2223 2224/* 2225 * inputs: 2226 * zc_name name of filesystem 2227 * zc_nvlist_dst_size size of buffer for zpl property nvlist 2228 * 2229 * outputs: 2230 * zc_nvlist_dst zpl property nvlist 2231 * zc_nvlist_dst_size size of zpl property nvlist 2232 */ 2233static int 2234zfs_ioc_objset_zplprops(zfs_cmd_t *zc) 2235{ 2236 objset_t *os; 2237 int err; 2238 2239 /* XXX reading without owning */ 2240 if (err = dmu_objset_hold(zc->zc_name, FTAG, &os)) 2241 return (err); 2242 2243 dmu_objset_fast_stat(os, &zc->zc_objset_stats); 2244 2245 /* 2246 * NB: nvl_add_zplprop() will read the objset contents, 2247 * which we aren't supposed to do with a DS_MODE_USER 2248 * hold, because it could be inconsistent. 2249 */ 2250 if (zc->zc_nvlist_dst != 0 && 2251 !zc->zc_objset_stats.dds_inconsistent && 2252 dmu_objset_type(os) == DMU_OST_ZFS) { 2253 nvlist_t *nv; 2254 2255 VERIFY(nvlist_alloc(&nv, NV_UNIQUE_NAME, KM_SLEEP) == 0); 2256 if ((err = nvl_add_zplprop(os, nv, ZFS_PROP_VERSION)) == 0 && 2257 (err = nvl_add_zplprop(os, nv, ZFS_PROP_NORMALIZE)) == 0 && 2258 (err = nvl_add_zplprop(os, nv, ZFS_PROP_UTF8ONLY)) == 0 && 2259 (err = nvl_add_zplprop(os, nv, ZFS_PROP_CASE)) == 0) 2260 err = put_nvlist(zc, nv); 2261 nvlist_free(nv); 2262 } else { 2263 err = SET_ERROR(ENOENT); 2264 } 2265 dmu_objset_rele(os, FTAG); 2266 return (err); 2267} 2268 2269boolean_t 2270dataset_name_hidden(const char *name) 2271{ 2272 /* 2273 * Skip over datasets that are not visible in this zone, 2274 * internal datasets (which have a $ in their name), and 2275 * temporary datasets (which have a % in their name). 2276 */ 2277 if (strchr(name, '$') != NULL) 2278 return (B_TRUE); 2279 if (strchr(name, '%') != NULL) 2280 return (B_TRUE); 2281 if (!INGLOBALZONE(curthread) && !zone_dataset_visible(name, NULL)) 2282 return (B_TRUE); 2283 return (B_FALSE); 2284} 2285 2286/* 2287 * inputs: 2288 * zc_name name of filesystem 2289 * zc_cookie zap cursor 2290 * zc_nvlist_dst_size size of buffer for property nvlist 2291 * 2292 * outputs: 2293 * zc_name name of next filesystem 2294 * zc_cookie zap cursor 2295 * zc_objset_stats stats 2296 * zc_nvlist_dst property nvlist 2297 * zc_nvlist_dst_size size of property nvlist 2298 */ 2299static int 2300zfs_ioc_dataset_list_next(zfs_cmd_t *zc) 2301{ 2302 objset_t *os; 2303 int error; 2304 char *p; 2305 size_t orig_len = strlen(zc->zc_name); 2306 2307top: 2308 if (error = dmu_objset_hold(zc->zc_name, FTAG, &os)) { 2309 if (error == ENOENT) 2310 error = SET_ERROR(ESRCH); 2311 return (error); 2312 } 2313 2314 p = strrchr(zc->zc_name, '/'); 2315 if (p == NULL || p[1] != '\0') 2316 (void) strlcat(zc->zc_name, "/", sizeof (zc->zc_name)); 2317 p = zc->zc_name + strlen(zc->zc_name); 2318 2319 do { 2320 error = dmu_dir_list_next(os, 2321 sizeof (zc->zc_name) - (p - zc->zc_name), p, 2322 NULL, &zc->zc_cookie); 2323 if (error == ENOENT) 2324 error = SET_ERROR(ESRCH); 2325 } while (error == 0 && dataset_name_hidden(zc->zc_name)); 2326 dmu_objset_rele(os, FTAG); 2327 2328 /* 2329 * If it's an internal dataset (ie. with a '$' in its name), 2330 * don't try to get stats for it, otherwise we'll return ENOENT. 2331 */ 2332 if (error == 0 && strchr(zc->zc_name, '$') == NULL) { 2333 error = zfs_ioc_objset_stats(zc); /* fill in the stats */ 2334 if (error == ENOENT) { 2335 /* We lost a race with destroy, get the next one. */ 2336 zc->zc_name[orig_len] = '\0'; 2337 goto top; 2338 } 2339 } 2340 return (error); 2341} 2342 2343/* 2344 * inputs: 2345 * zc_name name of filesystem 2346 * zc_cookie zap cursor 2347 * zc_nvlist_dst_size size of buffer for property nvlist 2348 * zc_simple when set, only name is requested 2349 * 2350 * outputs: 2351 * zc_name name of next snapshot 2352 * zc_objset_stats stats 2353 * zc_nvlist_dst property nvlist 2354 * zc_nvlist_dst_size size of property nvlist 2355 */ 2356static int 2357zfs_ioc_snapshot_list_next(zfs_cmd_t *zc) 2358{ 2359 objset_t *os; 2360 int error; 2361 2362 error = dmu_objset_hold(zc->zc_name, FTAG, &os); 2363 if (error != 0) { 2364 return (error == ENOENT ? ESRCH : error); 2365 } 2366 2367 /* 2368 * A dataset name of maximum length cannot have any snapshots, 2369 * so exit immediately. 2370 */ 2371 if (strlcat(zc->zc_name, "@", sizeof (zc->zc_name)) >= 2372 ZFS_MAX_DATASET_NAME_LEN) { 2373 dmu_objset_rele(os, FTAG); 2374 return (SET_ERROR(ESRCH)); 2375 } 2376 2377 error = dmu_snapshot_list_next(os, 2378 sizeof (zc->zc_name) - strlen(zc->zc_name), 2379 zc->zc_name + strlen(zc->zc_name), &zc->zc_obj, &zc->zc_cookie, 2380 NULL); 2381 2382 if (error == 0 && !zc->zc_simple) { 2383 dsl_dataset_t *ds; 2384 dsl_pool_t *dp = os->os_dsl_dataset->ds_dir->dd_pool; 2385 2386 error = dsl_dataset_hold_obj(dp, zc->zc_obj, FTAG, &ds); 2387 if (error == 0) { 2388 objset_t *ossnap; 2389 2390 error = dmu_objset_from_ds(ds, &ossnap); 2391 if (error == 0) 2392 error = zfs_ioc_objset_stats_impl(zc, ossnap); 2393 dsl_dataset_rele(ds, FTAG); 2394 } 2395 } else if (error == ENOENT) { 2396 error = SET_ERROR(ESRCH); 2397 } 2398 2399 dmu_objset_rele(os, FTAG); 2400 /* if we failed, undo the @ that we tacked on to zc_name */ 2401 if (error != 0) 2402 *strchr(zc->zc_name, '@') = '\0'; 2403 return (error); 2404} 2405 2406static int 2407zfs_prop_set_userquota(const char *dsname, nvpair_t *pair) 2408{ 2409 const char *propname = nvpair_name(pair); 2410 uint64_t *valary; 2411 unsigned int vallen; 2412 const char *domain; 2413 char *dash; 2414 zfs_userquota_prop_t type; 2415 uint64_t rid; 2416 uint64_t quota; 2417 zfsvfs_t *zfsvfs; 2418 int err; 2419 2420 if (nvpair_type(pair) == DATA_TYPE_NVLIST) { 2421 nvlist_t *attrs; 2422 VERIFY(nvpair_value_nvlist(pair, &attrs) == 0); 2423 if (nvlist_lookup_nvpair(attrs, ZPROP_VALUE, 2424 &pair) != 0) 2425 return (SET_ERROR(EINVAL)); 2426 } 2427 2428 /* 2429 * A correctly constructed propname is encoded as 2430 * userquota@<rid>-<domain>. 2431 */ 2432 if ((dash = strchr(propname, '-')) == NULL || 2433 nvpair_value_uint64_array(pair, &valary, &vallen) != 0 || 2434 vallen != 3) 2435 return (SET_ERROR(EINVAL)); 2436 2437 domain = dash + 1; 2438 type = valary[0]; 2439 rid = valary[1]; 2440 quota = valary[2]; 2441 2442 err = zfsvfs_hold(dsname, FTAG, &zfsvfs, B_FALSE); 2443 if (err == 0) { 2444 err = zfs_set_userquota(zfsvfs, type, domain, rid, quota); 2445 zfsvfs_rele(zfsvfs, FTAG); 2446 } 2447 2448 return (err); 2449} 2450 2451/* 2452 * If the named property is one that has a special function to set its value, 2453 * return 0 on success and a positive error code on failure; otherwise if it is 2454 * not one of the special properties handled by this function, return -1. 2455 * 2456 * XXX: It would be better for callers of the property interface if we handled 2457 * these special cases in dsl_prop.c (in the dsl layer). 2458 */ 2459static int 2460zfs_prop_set_special(const char *dsname, zprop_source_t source, 2461 nvpair_t *pair) 2462{ 2463 const char *propname = nvpair_name(pair); 2464 zfs_prop_t prop = zfs_name_to_prop(propname); 2465 uint64_t intval; 2466 int err = -1; 2467 2468 if (prop == ZPROP_INVAL) { 2469 if (zfs_prop_userquota(propname)) 2470 return (zfs_prop_set_userquota(dsname, pair)); 2471 return (-1); 2472 } 2473 2474 if (nvpair_type(pair) == DATA_TYPE_NVLIST) { 2475 nvlist_t *attrs; 2476 VERIFY(nvpair_value_nvlist(pair, &attrs) == 0); 2477 VERIFY(nvlist_lookup_nvpair(attrs, ZPROP_VALUE, 2478 &pair) == 0); 2479 } 2480 2481 if (zfs_prop_get_type(prop) == PROP_TYPE_STRING) 2482 return (-1); 2483 2484 VERIFY(0 == nvpair_value_uint64(pair, &intval)); 2485 2486 switch (prop) { 2487 case ZFS_PROP_QUOTA: 2488 err = dsl_dir_set_quota(dsname, source, intval); 2489 break; 2490 case ZFS_PROP_REFQUOTA: 2491 err = dsl_dataset_set_refquota(dsname, source, intval); 2492 break; 2493 case ZFS_PROP_FILESYSTEM_LIMIT: 2494 case ZFS_PROP_SNAPSHOT_LIMIT: 2495 if (intval == UINT64_MAX) { 2496 /* clearing the limit, just do it */ 2497 err = 0; 2498 } else { 2499 err = dsl_dir_activate_fs_ss_limit(dsname); 2500 } 2501 /* 2502 * Set err to -1 to force the zfs_set_prop_nvlist code down the 2503 * default path to set the value in the nvlist. 2504 */ 2505 if (err == 0) 2506 err = -1; 2507 break; 2508 case ZFS_PROP_RESERVATION: 2509 err = dsl_dir_set_reservation(dsname, source, intval); 2510 break; 2511 case ZFS_PROP_REFRESERVATION: 2512 err = dsl_dataset_set_refreservation(dsname, source, intval); 2513 break; 2514 case ZFS_PROP_VOLSIZE: 2515 err = zvol_set_volsize(dsname, intval); 2516 break; 2517 case ZFS_PROP_VERSION: 2518 { 2519 zfsvfs_t *zfsvfs; 2520 2521 if ((err = zfsvfs_hold(dsname, FTAG, &zfsvfs, B_TRUE)) != 0) 2522 break; 2523 2524 err = zfs_set_version(zfsvfs, intval); 2525 zfsvfs_rele(zfsvfs, FTAG); 2526 2527 if (err == 0 && intval >= ZPL_VERSION_USERSPACE) { 2528 zfs_cmd_t *zc; 2529 2530 zc = kmem_zalloc(sizeof (zfs_cmd_t), KM_SLEEP); 2531 (void) strcpy(zc->zc_name, dsname); 2532 (void) zfs_ioc_userspace_upgrade(zc); 2533 kmem_free(zc, sizeof (zfs_cmd_t)); 2534 } 2535 break; 2536 } 2537 default: 2538 err = -1; 2539 } 2540 2541 return (err); 2542} 2543 2544/* 2545 * This function is best effort. If it fails to set any of the given properties, 2546 * it continues to set as many as it can and returns the last error 2547 * encountered. If the caller provides a non-NULL errlist, it will be filled in 2548 * with the list of names of all the properties that failed along with the 2549 * corresponding error numbers. 2550 * 2551 * If every property is set successfully, zero is returned and errlist is not 2552 * modified. 2553 */ 2554int 2555zfs_set_prop_nvlist(const char *dsname, zprop_source_t source, nvlist_t *nvl, 2556 nvlist_t *errlist) 2557{ 2558 nvpair_t *pair; 2559 nvpair_t *propval; 2560 int rv = 0; 2561 uint64_t intval; 2562 char *strval; 2563 nvlist_t *genericnvl = fnvlist_alloc(); 2564 nvlist_t *retrynvl = fnvlist_alloc(); 2565 2566retry: 2567 pair = NULL; 2568 while ((pair = nvlist_next_nvpair(nvl, pair)) != NULL) { 2569 const char *propname = nvpair_name(pair); 2570 zfs_prop_t prop = zfs_name_to_prop(propname); 2571 int err = 0; 2572 2573 /* decode the property value */ 2574 propval = pair; 2575 if (nvpair_type(pair) == DATA_TYPE_NVLIST) { 2576 nvlist_t *attrs; 2577 attrs = fnvpair_value_nvlist(pair); 2578 if (nvlist_lookup_nvpair(attrs, ZPROP_VALUE, 2579 &propval) != 0) 2580 err = SET_ERROR(EINVAL); 2581 } 2582 2583 /* Validate value type */ 2584 if (err == 0 && prop == ZPROP_INVAL) { 2585 if (zfs_prop_user(propname)) { 2586 if (nvpair_type(propval) != DATA_TYPE_STRING) 2587 err = SET_ERROR(EINVAL); 2588 } else if (zfs_prop_userquota(propname)) { 2589 if (nvpair_type(propval) != 2590 DATA_TYPE_UINT64_ARRAY) 2591 err = SET_ERROR(EINVAL); 2592 } else { 2593 err = SET_ERROR(EINVAL); 2594 } 2595 } else if (err == 0) { 2596 if (nvpair_type(propval) == DATA_TYPE_STRING) { 2597 if (zfs_prop_get_type(prop) != PROP_TYPE_STRING) 2598 err = SET_ERROR(EINVAL); 2599 } else if (nvpair_type(propval) == DATA_TYPE_UINT64) { 2600 const char *unused; 2601 2602 intval = fnvpair_value_uint64(propval); 2603 2604 switch (zfs_prop_get_type(prop)) { 2605 case PROP_TYPE_NUMBER: 2606 break; 2607 case PROP_TYPE_STRING: 2608 err = SET_ERROR(EINVAL); 2609 break; 2610 case PROP_TYPE_INDEX: 2611 if (zfs_prop_index_to_string(prop, 2612 intval, &unused) != 0) 2613 err = SET_ERROR(EINVAL); 2614 break; 2615 default: 2616 cmn_err(CE_PANIC, 2617 "unknown property type"); 2618 } 2619 } else { 2620 err = SET_ERROR(EINVAL); 2621 } 2622 } 2623 2624 /* Validate permissions */ 2625 if (err == 0) 2626 err = zfs_check_settable(dsname, pair, CRED()); 2627 2628 if (err == 0) { 2629 err = zfs_prop_set_special(dsname, source, pair); 2630 if (err == -1) { 2631 /* 2632 * For better performance we build up a list of 2633 * properties to set in a single transaction. 2634 */ 2635 err = nvlist_add_nvpair(genericnvl, pair); 2636 } else if (err != 0 && nvl != retrynvl) { 2637 /* 2638 * This may be a spurious error caused by 2639 * receiving quota and reservation out of order. 2640 * Try again in a second pass. 2641 */ 2642 err = nvlist_add_nvpair(retrynvl, pair); 2643 } 2644 } 2645 2646 if (err != 0) { 2647 if (errlist != NULL) 2648 fnvlist_add_int32(errlist, propname, err); 2649 rv = err; 2650 } 2651 } 2652 2653 if (nvl != retrynvl && !nvlist_empty(retrynvl)) { 2654 nvl = retrynvl; 2655 goto retry; 2656 } 2657 2658 if (!nvlist_empty(genericnvl) && 2659 dsl_props_set(dsname, source, genericnvl) != 0) { 2660 /* 2661 * If this fails, we still want to set as many properties as we 2662 * can, so try setting them individually. 2663 */ 2664 pair = NULL; 2665 while ((pair = nvlist_next_nvpair(genericnvl, pair)) != NULL) { 2666 const char *propname = nvpair_name(pair); 2667 int err = 0; 2668 2669 propval = pair; 2670 if (nvpair_type(pair) == DATA_TYPE_NVLIST) { 2671 nvlist_t *attrs; 2672 attrs = fnvpair_value_nvlist(pair); 2673 propval = fnvlist_lookup_nvpair(attrs, 2674 ZPROP_VALUE); 2675 } 2676 2677 if (nvpair_type(propval) == DATA_TYPE_STRING) { 2678 strval = fnvpair_value_string(propval); 2679 err = dsl_prop_set_string(dsname, propname, 2680 source, strval); 2681 } else { 2682 intval = fnvpair_value_uint64(propval); 2683 err = dsl_prop_set_int(dsname, propname, source, 2684 intval); 2685 } 2686 2687 if (err != 0) { 2688 if (errlist != NULL) { 2689 fnvlist_add_int32(errlist, propname, 2690 err); 2691 } 2692 rv = err; 2693 } 2694 } 2695 } 2696 nvlist_free(genericnvl); 2697 nvlist_free(retrynvl); 2698 2699 return (rv); 2700} 2701 2702/* 2703 * Check that all the properties are valid user properties. 2704 */ 2705static int 2706zfs_check_userprops(const char *fsname, nvlist_t *nvl) 2707{ 2708 nvpair_t *pair = NULL; 2709 int error = 0; 2710 2711 while ((pair = nvlist_next_nvpair(nvl, pair)) != NULL) { 2712 const char *propname = nvpair_name(pair); 2713 2714 if (!zfs_prop_user(propname) || 2715 nvpair_type(pair) != DATA_TYPE_STRING) 2716 return (SET_ERROR(EINVAL)); 2717 2718 if (error = zfs_secpolicy_write_perms(fsname, 2719 ZFS_DELEG_PERM_USERPROP, CRED())) 2720 return (error); 2721 2722 if (strlen(propname) >= ZAP_MAXNAMELEN) 2723 return (SET_ERROR(ENAMETOOLONG)); 2724 2725 if (strlen(fnvpair_value_string(pair)) >= ZAP_MAXVALUELEN) 2726 return (E2BIG); 2727 } 2728 return (0); 2729} 2730 2731static void 2732props_skip(nvlist_t *props, nvlist_t *skipped, nvlist_t **newprops) 2733{ 2734 nvpair_t *pair; 2735 2736 VERIFY(nvlist_alloc(newprops, NV_UNIQUE_NAME, KM_SLEEP) == 0); 2737 2738 pair = NULL; 2739 while ((pair = nvlist_next_nvpair(props, pair)) != NULL) { 2740 if (nvlist_exists(skipped, nvpair_name(pair))) 2741 continue; 2742 2743 VERIFY(nvlist_add_nvpair(*newprops, pair) == 0); 2744 } 2745} 2746 2747static int 2748clear_received_props(const char *dsname, nvlist_t *props, 2749 nvlist_t *skipped) 2750{ 2751 int err = 0; 2752 nvlist_t *cleared_props = NULL; 2753 props_skip(props, skipped, &cleared_props); 2754 if (!nvlist_empty(cleared_props)) { 2755 /* 2756 * Acts on local properties until the dataset has received 2757 * properties at least once on or after SPA_VERSION_RECVD_PROPS. 2758 */ 2759 zprop_source_t flags = (ZPROP_SRC_NONE | 2760 (dsl_prop_get_hasrecvd(dsname) ? ZPROP_SRC_RECEIVED : 0)); 2761 err = zfs_set_prop_nvlist(dsname, flags, cleared_props, NULL); 2762 } 2763 nvlist_free(cleared_props); 2764 return (err); 2765} 2766 2767/* 2768 * inputs: 2769 * zc_name name of filesystem 2770 * zc_value name of property to set 2771 * zc_nvlist_src{_size} nvlist of properties to apply 2772 * zc_cookie received properties flag 2773 * 2774 * outputs: 2775 * zc_nvlist_dst{_size} error for each unapplied received property 2776 */ 2777static int 2778zfs_ioc_set_prop(zfs_cmd_t *zc) 2779{ 2780 nvlist_t *nvl; 2781 boolean_t received = zc->zc_cookie; 2782 zprop_source_t source = (received ? ZPROP_SRC_RECEIVED : 2783 ZPROP_SRC_LOCAL); 2784 nvlist_t *errors; 2785 int error; 2786 2787 if ((error = get_nvlist(zc->zc_nvlist_src, zc->zc_nvlist_src_size, 2788 zc->zc_iflags, &nvl)) != 0) 2789 return (error); 2790 2791 if (received) { 2792 nvlist_t *origprops; 2793 2794 if (dsl_prop_get_received(zc->zc_name, &origprops) == 0) { 2795 (void) clear_received_props(zc->zc_name, 2796 origprops, nvl); 2797 nvlist_free(origprops); 2798 } 2799 2800 error = dsl_prop_set_hasrecvd(zc->zc_name); 2801 } 2802 2803 errors = fnvlist_alloc(); 2804 if (error == 0) 2805 error = zfs_set_prop_nvlist(zc->zc_name, source, nvl, errors); 2806 2807 if (zc->zc_nvlist_dst != 0 && errors != NULL) { 2808 (void) put_nvlist(zc, errors); 2809 } 2810 2811 nvlist_free(errors); 2812 nvlist_free(nvl); 2813 return (error); 2814} 2815 2816/* 2817 * inputs: 2818 * zc_name name of filesystem 2819 * zc_value name of property to inherit 2820 * zc_cookie revert to received value if TRUE 2821 * 2822 * outputs: none 2823 */ 2824static int 2825zfs_ioc_inherit_prop(zfs_cmd_t *zc) 2826{ 2827 const char *propname = zc->zc_value; 2828 zfs_prop_t prop = zfs_name_to_prop(propname); 2829 boolean_t received = zc->zc_cookie; 2830 zprop_source_t source = (received 2831 ? ZPROP_SRC_NONE /* revert to received value, if any */ 2832 : ZPROP_SRC_INHERITED); /* explicitly inherit */ 2833 2834 if (received) { 2835 nvlist_t *dummy; 2836 nvpair_t *pair; 2837 zprop_type_t type; 2838 int err; 2839 2840 /* 2841 * zfs_prop_set_special() expects properties in the form of an 2842 * nvpair with type info. 2843 */ 2844 if (prop == ZPROP_INVAL) { 2845 if (!zfs_prop_user(propname)) 2846 return (SET_ERROR(EINVAL)); 2847 2848 type = PROP_TYPE_STRING; 2849 } else if (prop == ZFS_PROP_VOLSIZE || 2850 prop == ZFS_PROP_VERSION) { 2851 return (SET_ERROR(EINVAL)); 2852 } else { 2853 type = zfs_prop_get_type(prop); 2854 } 2855 2856 VERIFY(nvlist_alloc(&dummy, NV_UNIQUE_NAME, KM_SLEEP) == 0); 2857 2858 switch (type) { 2859 case PROP_TYPE_STRING: 2860 VERIFY(0 == nvlist_add_string(dummy, propname, "")); 2861 break; 2862 case PROP_TYPE_NUMBER: 2863 case PROP_TYPE_INDEX: 2864 VERIFY(0 == nvlist_add_uint64(dummy, propname, 0)); 2865 break; 2866 default: 2867 nvlist_free(dummy); 2868 return (SET_ERROR(EINVAL)); 2869 } 2870 2871 pair = nvlist_next_nvpair(dummy, NULL); 2872 err = zfs_prop_set_special(zc->zc_name, source, pair); 2873 nvlist_free(dummy); 2874 if (err != -1) 2875 return (err); /* special property already handled */ 2876 } else { 2877 /* 2878 * Only check this in the non-received case. We want to allow 2879 * 'inherit -S' to revert non-inheritable properties like quota 2880 * and reservation to the received or default values even though 2881 * they are not considered inheritable. 2882 */ 2883 if (prop != ZPROP_INVAL && !zfs_prop_inheritable(prop)) 2884 return (SET_ERROR(EINVAL)); 2885 } 2886 2887 /* property name has been validated by zfs_secpolicy_inherit_prop() */ 2888 return (dsl_prop_inherit(zc->zc_name, zc->zc_value, source)); 2889} 2890 2891static int 2892zfs_ioc_pool_set_props(zfs_cmd_t *zc) 2893{ 2894 nvlist_t *props; 2895 spa_t *spa; 2896 int error; 2897 nvpair_t *pair; 2898 2899 if (error = get_nvlist(zc->zc_nvlist_src, zc->zc_nvlist_src_size, 2900 zc->zc_iflags, &props)) 2901 return (error); 2902 2903 /* 2904 * If the only property is the configfile, then just do a spa_lookup() 2905 * to handle the faulted case. 2906 */ 2907 pair = nvlist_next_nvpair(props, NULL); 2908 if (pair != NULL && strcmp(nvpair_name(pair), 2909 zpool_prop_to_name(ZPOOL_PROP_CACHEFILE)) == 0 && 2910 nvlist_next_nvpair(props, pair) == NULL) { 2911 mutex_enter(&spa_namespace_lock); 2912 if ((spa = spa_lookup(zc->zc_name)) != NULL) { 2913 spa_configfile_set(spa, props, B_FALSE); 2914 spa_config_sync(spa, B_FALSE, B_TRUE); 2915 } 2916 mutex_exit(&spa_namespace_lock); 2917 if (spa != NULL) { 2918 nvlist_free(props); 2919 return (0); 2920 } 2921 } 2922 2923 if ((error = spa_open(zc->zc_name, &spa, FTAG)) != 0) { 2924 nvlist_free(props); 2925 return (error); 2926 } 2927 2928 error = spa_prop_set(spa, props); 2929 2930 nvlist_free(props); 2931 spa_close(spa, FTAG); 2932 2933 return (error); 2934} 2935 2936static int 2937zfs_ioc_pool_get_props(zfs_cmd_t *zc) 2938{ 2939 spa_t *spa; 2940 int error; 2941 nvlist_t *nvp = NULL; 2942 2943 if ((error = spa_open(zc->zc_name, &spa, FTAG)) != 0) { 2944 /* 2945 * If the pool is faulted, there may be properties we can still 2946 * get (such as altroot and cachefile), so attempt to get them 2947 * anyway. 2948 */ 2949 mutex_enter(&spa_namespace_lock); 2950 if ((spa = spa_lookup(zc->zc_name)) != NULL) 2951 error = spa_prop_get(spa, &nvp); 2952 mutex_exit(&spa_namespace_lock); 2953 } else { 2954 error = spa_prop_get(spa, &nvp); 2955 spa_close(spa, FTAG); 2956 } 2957 2958 if (error == 0 && zc->zc_nvlist_dst != 0) 2959 error = put_nvlist(zc, nvp); 2960 else 2961 error = SET_ERROR(EFAULT); 2962 2963 nvlist_free(nvp); 2964 return (error); 2965} 2966 2967/* 2968 * inputs: 2969 * zc_name name of filesystem 2970 * zc_nvlist_src{_size} nvlist of delegated permissions 2971 * zc_perm_action allow/unallow flag 2972 * 2973 * outputs: none 2974 */ 2975static int 2976zfs_ioc_set_fsacl(zfs_cmd_t *zc) 2977{ 2978 int error; 2979 nvlist_t *fsaclnv = NULL; 2980 2981 if ((error = get_nvlist(zc->zc_nvlist_src, zc->zc_nvlist_src_size, 2982 zc->zc_iflags, &fsaclnv)) != 0) 2983 return (error); 2984 2985 /* 2986 * Verify nvlist is constructed correctly 2987 */ 2988 if ((error = zfs_deleg_verify_nvlist(fsaclnv)) != 0) { 2989 nvlist_free(fsaclnv); 2990 return (SET_ERROR(EINVAL)); 2991 } 2992 2993 /* 2994 * If we don't have PRIV_SYS_MOUNT, then validate 2995 * that user is allowed to hand out each permission in 2996 * the nvlist(s) 2997 */ 2998 2999 error = secpolicy_zfs(CRED()); 3000 if (error != 0) { 3001 if (zc->zc_perm_action == B_FALSE) { 3002 error = dsl_deleg_can_allow(zc->zc_name, 3003 fsaclnv, CRED()); 3004 } else { 3005 error = dsl_deleg_can_unallow(zc->zc_name, 3006 fsaclnv, CRED()); 3007 } 3008 } 3009 3010 if (error == 0) 3011 error = dsl_deleg_set(zc->zc_name, fsaclnv, zc->zc_perm_action); 3012 3013 nvlist_free(fsaclnv); 3014 return (error); 3015} 3016 3017/* 3018 * inputs: 3019 * zc_name name of filesystem 3020 * 3021 * outputs: 3022 * zc_nvlist_src{_size} nvlist of delegated permissions 3023 */ 3024static int 3025zfs_ioc_get_fsacl(zfs_cmd_t *zc) 3026{ 3027 nvlist_t *nvp; 3028 int error; 3029 3030 if ((error = dsl_deleg_get(zc->zc_name, &nvp)) == 0) { 3031 error = put_nvlist(zc, nvp); 3032 nvlist_free(nvp); 3033 } 3034 3035 return (error); 3036} 3037 3038/* 3039 * Search the vfs list for a specified resource. Returns a pointer to it 3040 * or NULL if no suitable entry is found. The caller of this routine 3041 * is responsible for releasing the returned vfs pointer. 3042 */ 3043static vfs_t * 3044zfs_get_vfs(const char *resource) 3045{ 3046 vfs_t *vfsp; 3047 3048 mtx_lock(&mountlist_mtx); 3049 TAILQ_FOREACH(vfsp, &mountlist, mnt_list) { 3050 if (strcmp(refstr_value(vfsp->vfs_resource), resource) == 0) { 3051 vfs_ref(vfsp); 3052 break; 3053 } 3054 } 3055 mtx_unlock(&mountlist_mtx); 3056 return (vfsp); 3057} 3058 3059/* ARGSUSED */ 3060static void 3061zfs_create_cb(objset_t *os, void *arg, cred_t *cr, dmu_tx_t *tx) 3062{ 3063 zfs_creat_t *zct = arg; 3064 3065 zfs_create_fs(os, cr, zct->zct_zplprops, tx); 3066} 3067 3068#define ZFS_PROP_UNDEFINED ((uint64_t)-1) 3069 3070/* 3071 * inputs: 3072 * os parent objset pointer (NULL if root fs) 3073 * fuids_ok fuids allowed in this version of the spa? 3074 * sa_ok SAs allowed in this version of the spa? 3075 * createprops list of properties requested by creator 3076 * 3077 * outputs: 3078 * zplprops values for the zplprops we attach to the master node object 3079 * is_ci true if requested file system will be purely case-insensitive 3080 * 3081 * Determine the settings for utf8only, normalization and 3082 * casesensitivity. Specific values may have been requested by the 3083 * creator and/or we can inherit values from the parent dataset. If 3084 * the file system is of too early a vintage, a creator can not 3085 * request settings for these properties, even if the requested 3086 * setting is the default value. We don't actually want to create dsl 3087 * properties for these, so remove them from the source nvlist after 3088 * processing. 3089 */ 3090static int 3091zfs_fill_zplprops_impl(objset_t *os, uint64_t zplver, 3092 boolean_t fuids_ok, boolean_t sa_ok, nvlist_t *createprops, 3093 nvlist_t *zplprops, boolean_t *is_ci) 3094{ 3095 uint64_t sense = ZFS_PROP_UNDEFINED; 3096 uint64_t norm = ZFS_PROP_UNDEFINED; 3097 uint64_t u8 = ZFS_PROP_UNDEFINED; 3098 3099 ASSERT(zplprops != NULL); 3100 3101 /* 3102 * Pull out creator prop choices, if any. 3103 */ 3104 if (createprops) { 3105 (void) nvlist_lookup_uint64(createprops, 3106 zfs_prop_to_name(ZFS_PROP_VERSION), &zplver); 3107 (void) nvlist_lookup_uint64(createprops, 3108 zfs_prop_to_name(ZFS_PROP_NORMALIZE), &norm); 3109 (void) nvlist_remove_all(createprops, 3110 zfs_prop_to_name(ZFS_PROP_NORMALIZE)); 3111 (void) nvlist_lookup_uint64(createprops, 3112 zfs_prop_to_name(ZFS_PROP_UTF8ONLY), &u8); 3113 (void) nvlist_remove_all(createprops, 3114 zfs_prop_to_name(ZFS_PROP_UTF8ONLY)); 3115 (void) nvlist_lookup_uint64(createprops, 3116 zfs_prop_to_name(ZFS_PROP_CASE), &sense); 3117 (void) nvlist_remove_all(createprops, 3118 zfs_prop_to_name(ZFS_PROP_CASE)); 3119 } 3120 3121 /* 3122 * If the zpl version requested is whacky or the file system 3123 * or pool is version is too "young" to support normalization 3124 * and the creator tried to set a value for one of the props, 3125 * error out. 3126 */ 3127 if ((zplver < ZPL_VERSION_INITIAL || zplver > ZPL_VERSION) || 3128 (zplver >= ZPL_VERSION_FUID && !fuids_ok) || 3129 (zplver >= ZPL_VERSION_SA && !sa_ok) || 3130 (zplver < ZPL_VERSION_NORMALIZATION && 3131 (norm != ZFS_PROP_UNDEFINED || u8 != ZFS_PROP_UNDEFINED || 3132 sense != ZFS_PROP_UNDEFINED))) 3133 return (SET_ERROR(ENOTSUP)); 3134 3135 /* 3136 * Put the version in the zplprops 3137 */ 3138 VERIFY(nvlist_add_uint64(zplprops, 3139 zfs_prop_to_name(ZFS_PROP_VERSION), zplver) == 0); 3140 3141 if (norm == ZFS_PROP_UNDEFINED) 3142 VERIFY(zfs_get_zplprop(os, ZFS_PROP_NORMALIZE, &norm) == 0); 3143 VERIFY(nvlist_add_uint64(zplprops, 3144 zfs_prop_to_name(ZFS_PROP_NORMALIZE), norm) == 0); 3145 3146 /* 3147 * If we're normalizing, names must always be valid UTF-8 strings. 3148 */ 3149 if (norm) 3150 u8 = 1; 3151 if (u8 == ZFS_PROP_UNDEFINED) 3152 VERIFY(zfs_get_zplprop(os, ZFS_PROP_UTF8ONLY, &u8) == 0); 3153 VERIFY(nvlist_add_uint64(zplprops, 3154 zfs_prop_to_name(ZFS_PROP_UTF8ONLY), u8) == 0); 3155 3156 if (sense == ZFS_PROP_UNDEFINED) 3157 VERIFY(zfs_get_zplprop(os, ZFS_PROP_CASE, &sense) == 0); 3158 VERIFY(nvlist_add_uint64(zplprops, 3159 zfs_prop_to_name(ZFS_PROP_CASE), sense) == 0); 3160 3161 if (is_ci) 3162 *is_ci = (sense == ZFS_CASE_INSENSITIVE); 3163 3164 return (0); 3165} 3166 3167static int 3168zfs_fill_zplprops(const char *dataset, nvlist_t *createprops, 3169 nvlist_t *zplprops, boolean_t *is_ci) 3170{ 3171 boolean_t fuids_ok, sa_ok; 3172 uint64_t zplver = ZPL_VERSION; 3173 objset_t *os = NULL; 3174 char parentname[ZFS_MAX_DATASET_NAME_LEN]; 3175 char *cp; 3176 spa_t *spa; 3177 uint64_t spa_vers; 3178 int error; 3179 3180 (void) strlcpy(parentname, dataset, sizeof (parentname)); 3181 cp = strrchr(parentname, '/'); 3182 ASSERT(cp != NULL); 3183 cp[0] = '\0'; 3184 3185 if ((error = spa_open(dataset, &spa, FTAG)) != 0) 3186 return (error); 3187 3188 spa_vers = spa_version(spa); 3189 spa_close(spa, FTAG); 3190 3191 zplver = zfs_zpl_version_map(spa_vers); 3192 fuids_ok = (zplver >= ZPL_VERSION_FUID); 3193 sa_ok = (zplver >= ZPL_VERSION_SA); 3194 3195 /* 3196 * Open parent object set so we can inherit zplprop values. 3197 */ 3198 if ((error = dmu_objset_hold(parentname, FTAG, &os)) != 0) 3199 return (error); 3200 3201 error = zfs_fill_zplprops_impl(os, zplver, fuids_ok, sa_ok, createprops, 3202 zplprops, is_ci); 3203 dmu_objset_rele(os, FTAG); 3204 return (error); 3205} 3206 3207static int 3208zfs_fill_zplprops_root(uint64_t spa_vers, nvlist_t *createprops, 3209 nvlist_t *zplprops, boolean_t *is_ci) 3210{ 3211 boolean_t fuids_ok; 3212 boolean_t sa_ok; 3213 uint64_t zplver = ZPL_VERSION; 3214 int error; 3215 3216 zplver = zfs_zpl_version_map(spa_vers); 3217 fuids_ok = (zplver >= ZPL_VERSION_FUID); 3218 sa_ok = (zplver >= ZPL_VERSION_SA); 3219 3220 error = zfs_fill_zplprops_impl(NULL, zplver, fuids_ok, sa_ok, 3221 createprops, zplprops, is_ci); 3222 return (error); 3223} 3224 3225/* 3226 * innvl: { 3227 * "type" -> dmu_objset_type_t (int32) 3228 * (optional) "props" -> { prop -> value } 3229 * } 3230 * 3231 * outnvl: propname -> error code (int32) 3232 */ 3233static int 3234zfs_ioc_create(const char *fsname, nvlist_t *innvl, nvlist_t *outnvl) 3235{ 3236 int error = 0; 3237 zfs_creat_t zct = { 0 }; 3238 nvlist_t *nvprops = NULL; 3239 void (*cbfunc)(objset_t *os, void *arg, cred_t *cr, dmu_tx_t *tx); 3240 int32_t type32; 3241 dmu_objset_type_t type; 3242 boolean_t is_insensitive = B_FALSE; 3243 3244 if (nvlist_lookup_int32(innvl, "type", &type32) != 0) 3245 return (SET_ERROR(EINVAL)); 3246 type = type32; 3247 (void) nvlist_lookup_nvlist(innvl, "props", &nvprops); 3248 3249 switch (type) { 3250 case DMU_OST_ZFS: 3251 cbfunc = zfs_create_cb; 3252 break; 3253 3254 case DMU_OST_ZVOL: 3255 cbfunc = zvol_create_cb; 3256 break; 3257 3258 default: 3259 cbfunc = NULL; 3260 break; 3261 } 3262 if (strchr(fsname, '@') || 3263 strchr(fsname, '%')) 3264 return (SET_ERROR(EINVAL)); 3265 3266 zct.zct_props = nvprops; 3267 3268 if (cbfunc == NULL) 3269 return (SET_ERROR(EINVAL)); 3270 3271 if (type == DMU_OST_ZVOL) { 3272 uint64_t volsize, volblocksize; 3273 3274 if (nvprops == NULL) 3275 return (SET_ERROR(EINVAL)); 3276 if (nvlist_lookup_uint64(nvprops, 3277 zfs_prop_to_name(ZFS_PROP_VOLSIZE), &volsize) != 0) 3278 return (SET_ERROR(EINVAL)); 3279 3280 if ((error = nvlist_lookup_uint64(nvprops, 3281 zfs_prop_to_name(ZFS_PROP_VOLBLOCKSIZE), 3282 &volblocksize)) != 0 && error != ENOENT) 3283 return (SET_ERROR(EINVAL)); 3284 3285 if (error != 0) 3286 volblocksize = zfs_prop_default_numeric( 3287 ZFS_PROP_VOLBLOCKSIZE); 3288 3289 if ((error = zvol_check_volblocksize( 3290 volblocksize)) != 0 || 3291 (error = zvol_check_volsize(volsize, 3292 volblocksize)) != 0) 3293 return (error); 3294 } else if (type == DMU_OST_ZFS) { 3295 int error; 3296 3297 /* 3298 * We have to have normalization and 3299 * case-folding flags correct when we do the 3300 * file system creation, so go figure them out 3301 * now. 3302 */ 3303 VERIFY(nvlist_alloc(&zct.zct_zplprops, 3304 NV_UNIQUE_NAME, KM_SLEEP) == 0); 3305 error = zfs_fill_zplprops(fsname, nvprops, 3306 zct.zct_zplprops, &is_insensitive); 3307 if (error != 0) { 3308 nvlist_free(zct.zct_zplprops); 3309 return (error); 3310 } 3311 } 3312 3313 error = dmu_objset_create(fsname, type, 3314 is_insensitive ? DS_FLAG_CI_DATASET : 0, cbfunc, &zct); 3315 nvlist_free(zct.zct_zplprops); 3316 3317 /* 3318 * It would be nice to do this atomically. 3319 */ 3320 if (error == 0) { 3321 error = zfs_set_prop_nvlist(fsname, ZPROP_SRC_LOCAL, 3322 nvprops, outnvl); 3323 if (error != 0) 3324 (void) dsl_destroy_head(fsname); 3325 } 3326#ifdef __FreeBSD__ 3327 if (error == 0 && type == DMU_OST_ZVOL) 3328 zvol_create_minors(fsname); 3329#endif 3330 return (error); 3331} 3332 3333/* 3334 * innvl: { 3335 * "origin" -> name of origin snapshot 3336 * (optional) "props" -> { prop -> value } 3337 * } 3338 * 3339 * outnvl: propname -> error code (int32) 3340 */ 3341static int 3342zfs_ioc_clone(const char *fsname, nvlist_t *innvl, nvlist_t *outnvl) 3343{ 3344 int error = 0; 3345 nvlist_t *nvprops = NULL; 3346 char *origin_name; 3347 3348 if (nvlist_lookup_string(innvl, "origin", &origin_name) != 0) 3349 return (SET_ERROR(EINVAL)); 3350 (void) nvlist_lookup_nvlist(innvl, "props", &nvprops); 3351 3352 if (strchr(fsname, '@') || 3353 strchr(fsname, '%')) 3354 return (SET_ERROR(EINVAL)); 3355 3356 if (dataset_namecheck(origin_name, NULL, NULL) != 0) 3357 return (SET_ERROR(EINVAL)); 3358 error = dmu_objset_clone(fsname, origin_name); 3359 if (error != 0) 3360 return (error); 3361 3362 /* 3363 * It would be nice to do this atomically. 3364 */ 3365 if (error == 0) { 3366 error = zfs_set_prop_nvlist(fsname, ZPROP_SRC_LOCAL, 3367 nvprops, outnvl); 3368 if (error != 0) 3369 (void) dsl_destroy_head(fsname); 3370 } 3371#ifdef __FreeBSD__ 3372 if (error == 0) 3373 zvol_create_minors(fsname); 3374#endif 3375 return (error); 3376} 3377 3378/* 3379 * innvl: { 3380 * "snaps" -> { snapshot1, snapshot2 } 3381 * (optional) "props" -> { prop -> value (string) } 3382 * } 3383 * 3384 * outnvl: snapshot -> error code (int32) 3385 */ 3386static int 3387zfs_ioc_snapshot(const char *poolname, nvlist_t *innvl, nvlist_t *outnvl) 3388{ 3389 nvlist_t *snaps; 3390 nvlist_t *props = NULL; 3391 int error, poollen; 3392 nvpair_t *pair; 3393 3394 (void) nvlist_lookup_nvlist(innvl, "props", &props); 3395 if ((error = zfs_check_userprops(poolname, props)) != 0) 3396 return (error); 3397 3398 if (!nvlist_empty(props) && 3399 zfs_earlier_version(poolname, SPA_VERSION_SNAP_PROPS)) 3400 return (SET_ERROR(ENOTSUP)); 3401 3402 if (nvlist_lookup_nvlist(innvl, "snaps", &snaps) != 0) 3403 return (SET_ERROR(EINVAL)); 3404 poollen = strlen(poolname); 3405 for (pair = nvlist_next_nvpair(snaps, NULL); pair != NULL; 3406 pair = nvlist_next_nvpair(snaps, pair)) { 3407 const char *name = nvpair_name(pair); 3408 const char *cp = strchr(name, '@'); 3409 3410 /* 3411 * The snap name must contain an @, and the part after it must 3412 * contain only valid characters. 3413 */ 3414 if (cp == NULL || 3415 zfs_component_namecheck(cp + 1, NULL, NULL) != 0) 3416 return (SET_ERROR(EINVAL)); 3417 3418 /* 3419 * The snap must be in the specified pool. 3420 */ 3421 if (strncmp(name, poolname, poollen) != 0 || 3422 (name[poollen] != '/' && name[poollen] != '@')) 3423 return (SET_ERROR(EXDEV)); 3424 3425 /* This must be the only snap of this fs. */ 3426 for (nvpair_t *pair2 = nvlist_next_nvpair(snaps, pair); 3427 pair2 != NULL; pair2 = nvlist_next_nvpair(snaps, pair2)) { 3428 if (strncmp(name, nvpair_name(pair2), cp - name + 1) 3429 == 0) { 3430 return (SET_ERROR(EXDEV)); 3431 } 3432 } 3433 } 3434 3435 error = dsl_dataset_snapshot(snaps, props, outnvl); 3436 return (error); 3437} 3438 3439/* 3440 * innvl: "message" -> string 3441 */ 3442/* ARGSUSED */ 3443static int 3444zfs_ioc_log_history(const char *unused, nvlist_t *innvl, nvlist_t *outnvl) 3445{ 3446 char *message; 3447 spa_t *spa; 3448 int error; 3449 char *poolname; 3450 3451 /* 3452 * The poolname in the ioctl is not set, we get it from the TSD, 3453 * which was set at the end of the last successful ioctl that allows 3454 * logging. The secpolicy func already checked that it is set. 3455 * Only one log ioctl is allowed after each successful ioctl, so 3456 * we clear the TSD here. 3457 */ 3458 poolname = tsd_get(zfs_allow_log_key); 3459 (void) tsd_set(zfs_allow_log_key, NULL); 3460 error = spa_open(poolname, &spa, FTAG); 3461 strfree(poolname); 3462 if (error != 0) 3463 return (error); 3464 3465 if (nvlist_lookup_string(innvl, "message", &message) != 0) { 3466 spa_close(spa, FTAG); 3467 return (SET_ERROR(EINVAL)); 3468 } 3469 3470 if (spa_version(spa) < SPA_VERSION_ZPOOL_HISTORY) { 3471 spa_close(spa, FTAG); 3472 return (SET_ERROR(ENOTSUP)); 3473 } 3474 3475 error = spa_history_log(spa, message); 3476 spa_close(spa, FTAG); 3477 return (error); 3478} 3479 3480#ifdef __FreeBSD__ 3481static int 3482zfs_ioc_nextboot(const char *unused, nvlist_t *innvl, nvlist_t *outnvl) 3483{ 3484 char name[MAXNAMELEN]; 3485 spa_t *spa; 3486 vdev_t *vd; 3487 char *command; 3488 uint64_t pool_guid; 3489 uint64_t vdev_guid; 3490 int error; 3491 3492 if (nvlist_lookup_uint64(innvl, 3493 ZPOOL_CONFIG_POOL_GUID, &pool_guid) != 0) 3494 return (EINVAL); 3495 if (nvlist_lookup_uint64(innvl, 3496 ZPOOL_CONFIG_GUID, &vdev_guid) != 0) 3497 return (EINVAL); 3498 if (nvlist_lookup_string(innvl, 3499 "command", &command) != 0) 3500 return (EINVAL); 3501 3502 mutex_enter(&spa_namespace_lock); 3503 spa = spa_by_guid(pool_guid, vdev_guid); 3504 if (spa != NULL) 3505 strcpy(name, spa_name(spa)); 3506 mutex_exit(&spa_namespace_lock); 3507 if (spa == NULL) 3508 return (ENOENT); 3509 3510 if ((error = spa_open(name, &spa, FTAG)) != 0) 3511 return (error); 3512 spa_vdev_state_enter(spa, SCL_ALL); 3513 vd = spa_lookup_by_guid(spa, vdev_guid, B_TRUE); 3514 if (vd == NULL) { 3515 (void) spa_vdev_state_exit(spa, NULL, ENXIO); 3516 spa_close(spa, FTAG); 3517 return (ENODEV); 3518 } 3519 error = vdev_label_write_pad2(vd, command, strlen(command)); 3520 (void) spa_vdev_state_exit(spa, NULL, 0); 3521 txg_wait_synced(spa->spa_dsl_pool, 0); 3522 spa_close(spa, FTAG); 3523 return (error); 3524} 3525#endif 3526 3527/* 3528 * The dp_config_rwlock must not be held when calling this, because the 3529 * unmount may need to write out data. 3530 * 3531 * This function is best-effort. Callers must deal gracefully if it 3532 * remains mounted (or is remounted after this call). 3533 * 3534 * Returns 0 if the argument is not a snapshot, or it is not currently a 3535 * filesystem, or we were able to unmount it. Returns error code otherwise. 3536 */ 3537int 3538zfs_unmount_snap(const char *snapname) 3539{ 3540 vfs_t *vfsp; 3541 zfsvfs_t *zfsvfs; 3542#ifdef illumos 3543 int err; 3544#endif 3545 3546 if (strchr(snapname, '@') == NULL) 3547 return (0); 3548 3549 vfsp = zfs_get_vfs(snapname); 3550 if (vfsp == NULL) 3551 return (0); 3552 3553 zfsvfs = vfsp->vfs_data; 3554 ASSERT(!dsl_pool_config_held(dmu_objset_pool(zfsvfs->z_os))); 3555 3556#ifdef illumos 3557 err = vn_vfswlock(vfsp->vfs_vnodecovered); 3558 VFS_RELE(vfsp); 3559 if (err != 0) 3560 return (SET_ERROR(err)); 3561#endif 3562 3563 /* 3564 * Always force the unmount for snapshots. 3565 */ 3566#ifdef illumos 3567 (void) dounmount(vfsp, MS_FORCE, kcred); 3568#else 3569 (void) dounmount(vfsp, MS_FORCE, curthread); 3570#endif 3571 return (0); 3572} 3573 3574/* ARGSUSED */ 3575static int 3576zfs_unmount_snap_cb(const char *snapname, void *arg) 3577{ 3578 return (zfs_unmount_snap(snapname)); 3579} 3580 3581/* 3582 * When a clone is destroyed, its origin may also need to be destroyed, 3583 * in which case it must be unmounted. This routine will do that unmount 3584 * if necessary. 3585 */ 3586void 3587zfs_destroy_unmount_origin(const char *fsname) 3588{ 3589 int error; 3590 objset_t *os; 3591 dsl_dataset_t *ds; 3592 3593 error = dmu_objset_hold(fsname, FTAG, &os); 3594 if (error != 0) 3595 return; 3596 ds = dmu_objset_ds(os); 3597 if (dsl_dir_is_clone(ds->ds_dir) && DS_IS_DEFER_DESTROY(ds->ds_prev)) { 3598 char originname[ZFS_MAX_DATASET_NAME_LEN]; 3599 dsl_dataset_name(ds->ds_prev, originname); 3600 dmu_objset_rele(os, FTAG); 3601 (void) zfs_unmount_snap(originname); 3602 } else { 3603 dmu_objset_rele(os, FTAG); 3604 } 3605} 3606 3607/* 3608 * innvl: { 3609 * "snaps" -> { snapshot1, snapshot2 } 3610 * (optional boolean) "defer" 3611 * } 3612 * 3613 * outnvl: snapshot -> error code (int32) 3614 * 3615 */ 3616/* ARGSUSED */ 3617static int 3618zfs_ioc_destroy_snaps(const char *poolname, nvlist_t *innvl, nvlist_t *outnvl) 3619{ 3620 int error, poollen; 3621 nvlist_t *snaps; 3622 nvpair_t *pair; 3623 boolean_t defer; 3624 3625 if (nvlist_lookup_nvlist(innvl, "snaps", &snaps) != 0) 3626 return (SET_ERROR(EINVAL)); 3627 defer = nvlist_exists(innvl, "defer"); 3628 3629 poollen = strlen(poolname); 3630 for (pair = nvlist_next_nvpair(snaps, NULL); pair != NULL; 3631 pair = nvlist_next_nvpair(snaps, pair)) { 3632 const char *name = nvpair_name(pair); 3633 3634 /* 3635 * The snap must be in the specified pool to prevent the 3636 * invalid removal of zvol minors below. 3637 */ 3638 if (strncmp(name, poolname, poollen) != 0 || 3639 (name[poollen] != '/' && name[poollen] != '@')) 3640 return (SET_ERROR(EXDEV)); 3641 3642 error = zfs_unmount_snap(name); 3643 if (error != 0) 3644 return (error); 3645#if defined(__FreeBSD__) 3646 zvol_remove_minors(name); 3647#endif 3648 } 3649 3650 return (dsl_destroy_snapshots_nvl(snaps, defer, outnvl)); 3651} 3652 3653/* 3654 * Create bookmarks. Bookmark names are of the form <fs>#<bmark>. 3655 * All bookmarks must be in the same pool. 3656 * 3657 * innvl: { 3658 * bookmark1 -> snapshot1, bookmark2 -> snapshot2 3659 * } 3660 * 3661 * outnvl: bookmark -> error code (int32) 3662 * 3663 */ 3664/* ARGSUSED */ 3665static int 3666zfs_ioc_bookmark(const char *poolname, nvlist_t *innvl, nvlist_t *outnvl) 3667{ 3668 for (nvpair_t *pair = nvlist_next_nvpair(innvl, NULL); 3669 pair != NULL; pair = nvlist_next_nvpair(innvl, pair)) { 3670 char *snap_name; 3671 3672 /* 3673 * Verify the snapshot argument. 3674 */ 3675 if (nvpair_value_string(pair, &snap_name) != 0) 3676 return (SET_ERROR(EINVAL)); 3677 3678 3679 /* Verify that the keys (bookmarks) are unique */ 3680 for (nvpair_t *pair2 = nvlist_next_nvpair(innvl, pair); 3681 pair2 != NULL; pair2 = nvlist_next_nvpair(innvl, pair2)) { 3682 if (strcmp(nvpair_name(pair), nvpair_name(pair2)) == 0) 3683 return (SET_ERROR(EINVAL)); 3684 } 3685 } 3686 3687 return (dsl_bookmark_create(innvl, outnvl)); 3688} 3689 3690/* 3691 * innvl: { 3692 * property 1, property 2, ... 3693 * } 3694 * 3695 * outnvl: { 3696 * bookmark name 1 -> { property 1, property 2, ... }, 3697 * bookmark name 2 -> { property 1, property 2, ... } 3698 * } 3699 * 3700 */ 3701static int 3702zfs_ioc_get_bookmarks(const char *fsname, nvlist_t *innvl, nvlist_t *outnvl) 3703{ 3704 return (dsl_get_bookmarks(fsname, innvl, outnvl)); 3705} 3706 3707/* 3708 * innvl: { 3709 * bookmark name 1, bookmark name 2 3710 * } 3711 * 3712 * outnvl: bookmark -> error code (int32) 3713 * 3714 */ 3715static int 3716zfs_ioc_destroy_bookmarks(const char *poolname, nvlist_t *innvl, 3717 nvlist_t *outnvl) 3718{ 3719 int error, poollen; 3720 3721 poollen = strlen(poolname); 3722 for (nvpair_t *pair = nvlist_next_nvpair(innvl, NULL); 3723 pair != NULL; pair = nvlist_next_nvpair(innvl, pair)) { 3724 const char *name = nvpair_name(pair); 3725 const char *cp = strchr(name, '#'); 3726 3727 /* 3728 * The bookmark name must contain an #, and the part after it 3729 * must contain only valid characters. 3730 */ 3731 if (cp == NULL || 3732 zfs_component_namecheck(cp + 1, NULL, NULL) != 0) 3733 return (SET_ERROR(EINVAL)); 3734 3735 /* 3736 * The bookmark must be in the specified pool. 3737 */ 3738 if (strncmp(name, poolname, poollen) != 0 || 3739 (name[poollen] != '/' && name[poollen] != '#')) 3740 return (SET_ERROR(EXDEV)); 3741 } 3742 3743 error = dsl_bookmark_destroy(innvl, outnvl); 3744 return (error); 3745} 3746 3747/* 3748 * inputs: 3749 * zc_name name of dataset to destroy 3750 * zc_objset_type type of objset 3751 * zc_defer_destroy mark for deferred destroy 3752 * 3753 * outputs: none 3754 */ 3755static int 3756zfs_ioc_destroy(zfs_cmd_t *zc) 3757{ 3758 int err; 3759 3760 if (zc->zc_objset_type == DMU_OST_ZFS) { 3761 err = zfs_unmount_snap(zc->zc_name); 3762 if (err != 0) 3763 return (err); 3764 } 3765 3766 if (strchr(zc->zc_name, '@')) 3767 err = dsl_destroy_snapshot(zc->zc_name, zc->zc_defer_destroy); 3768 else 3769 err = dsl_destroy_head(zc->zc_name); 3770 if (zc->zc_objset_type == DMU_OST_ZVOL && err == 0) 3771#ifdef __FreeBSD__ 3772 zvol_remove_minors(zc->zc_name); 3773#else 3774 (void) zvol_remove_minor(zc->zc_name); 3775#endif 3776 return (err); 3777} 3778 3779/* 3780 * fsname is name of dataset to rollback (to most recent snapshot) 3781 * 3782 * innvl is not used. 3783 * 3784 * outnvl: "target" -> name of most recent snapshot 3785 * } 3786 */ 3787/* ARGSUSED */ 3788static int 3789zfs_ioc_rollback(const char *fsname, nvlist_t *args, nvlist_t *outnvl) 3790{ 3791 zfsvfs_t *zfsvfs; 3792 int error; 3793 3794 if (getzfsvfs(fsname, &zfsvfs) == 0) { 3795 dsl_dataset_t *ds; 3796 3797 ds = dmu_objset_ds(zfsvfs->z_os); 3798 error = zfs_suspend_fs(zfsvfs); 3799 if (error == 0) { 3800 int resume_err; 3801 3802 error = dsl_dataset_rollback(fsname, zfsvfs, outnvl); 3803 resume_err = zfs_resume_fs(zfsvfs, ds); 3804 error = error ? error : resume_err; 3805 } 3806#ifdef illumos 3807 VFS_RELE(zfsvfs->z_vfs); 3808#else 3809 vfs_unbusy(zfsvfs->z_vfs); 3810#endif 3811 } else { 3812 error = dsl_dataset_rollback(fsname, NULL, outnvl); 3813 } 3814 return (error); 3815} 3816 3817static int 3818recursive_unmount(const char *fsname, void *arg) 3819{ 3820 const char *snapname = arg; 3821 char fullname[ZFS_MAX_DATASET_NAME_LEN]; 3822 3823 (void) snprintf(fullname, sizeof (fullname), "%s@%s", fsname, snapname); 3824 return (zfs_unmount_snap(fullname)); 3825} 3826 3827/* 3828 * inputs: 3829 * zc_name old name of dataset 3830 * zc_value new name of dataset 3831 * zc_cookie recursive flag (only valid for snapshots) 3832 * 3833 * outputs: none 3834 */ 3835static int 3836zfs_ioc_rename(zfs_cmd_t *zc) 3837{ 3838 boolean_t recursive = zc->zc_cookie & 1; 3839 char *at; 3840 boolean_t allow_mounted = B_TRUE; 3841 3842#ifdef __FreeBSD__ 3843 allow_mounted = (zc->zc_cookie & 2) != 0; 3844#endif 3845 3846 zc->zc_value[sizeof (zc->zc_value) - 1] = '\0'; 3847 if (dataset_namecheck(zc->zc_value, NULL, NULL) != 0 || 3848 strchr(zc->zc_value, '%')) 3849 return (SET_ERROR(EINVAL)); 3850 3851 at = strchr(zc->zc_name, '@'); 3852 if (at != NULL) { 3853 /* snaps must be in same fs */ 3854 int error; 3855 3856 if (strncmp(zc->zc_name, zc->zc_value, at - zc->zc_name + 1)) 3857 return (SET_ERROR(EXDEV)); 3858 *at = '\0'; 3859 if (zc->zc_objset_type == DMU_OST_ZFS && !allow_mounted) { 3860 error = dmu_objset_find(zc->zc_name, 3861 recursive_unmount, at + 1, 3862 recursive ? DS_FIND_CHILDREN : 0); 3863 if (error != 0) { 3864 *at = '@'; 3865 return (error); 3866 } 3867 } 3868 error = dsl_dataset_rename_snapshot(zc->zc_name, 3869 at + 1, strchr(zc->zc_value, '@') + 1, recursive); 3870 *at = '@'; 3871 3872 return (error); 3873 } else { 3874#ifdef illumos 3875 if (zc->zc_objset_type == DMU_OST_ZVOL) 3876 (void) zvol_remove_minor(zc->zc_name); 3877#endif 3878 return (dsl_dir_rename(zc->zc_name, zc->zc_value)); 3879 } 3880} 3881 3882static int 3883zfs_check_settable(const char *dsname, nvpair_t *pair, cred_t *cr) 3884{ 3885 const char *propname = nvpair_name(pair); 3886 boolean_t issnap = (strchr(dsname, '@') != NULL); 3887 zfs_prop_t prop = zfs_name_to_prop(propname); 3888 uint64_t intval; 3889 int err; 3890 3891 if (prop == ZPROP_INVAL) { 3892 if (zfs_prop_user(propname)) { 3893 if (err = zfs_secpolicy_write_perms(dsname, 3894 ZFS_DELEG_PERM_USERPROP, cr)) 3895 return (err); 3896 return (0); 3897 } 3898 3899 if (!issnap && zfs_prop_userquota(propname)) { 3900 const char *perm = NULL; 3901 const char *uq_prefix = 3902 zfs_userquota_prop_prefixes[ZFS_PROP_USERQUOTA]; 3903 const char *gq_prefix = 3904 zfs_userquota_prop_prefixes[ZFS_PROP_GROUPQUOTA]; 3905 3906 if (strncmp(propname, uq_prefix, 3907 strlen(uq_prefix)) == 0) { 3908 perm = ZFS_DELEG_PERM_USERQUOTA; 3909 } else if (strncmp(propname, gq_prefix, 3910 strlen(gq_prefix)) == 0) { 3911 perm = ZFS_DELEG_PERM_GROUPQUOTA; 3912 } else { 3913 /* USERUSED and GROUPUSED are read-only */ 3914 return (SET_ERROR(EINVAL)); 3915 } 3916 3917 if (err = zfs_secpolicy_write_perms(dsname, perm, cr)) 3918 return (err); 3919 return (0); 3920 } 3921 3922 return (SET_ERROR(EINVAL)); 3923 } 3924 3925 if (issnap) 3926 return (SET_ERROR(EINVAL)); 3927 3928 if (nvpair_type(pair) == DATA_TYPE_NVLIST) { 3929 /* 3930 * dsl_prop_get_all_impl() returns properties in this 3931 * format. 3932 */ 3933 nvlist_t *attrs; 3934 VERIFY(nvpair_value_nvlist(pair, &attrs) == 0); 3935 VERIFY(nvlist_lookup_nvpair(attrs, ZPROP_VALUE, 3936 &pair) == 0); 3937 } 3938 3939 /* 3940 * Check that this value is valid for this pool version 3941 */ 3942 switch (prop) { 3943 case ZFS_PROP_COMPRESSION: 3944 /* 3945 * If the user specified gzip compression, make sure 3946 * the SPA supports it. We ignore any errors here since 3947 * we'll catch them later. 3948 */ 3949 if (nvpair_value_uint64(pair, &intval) == 0) { 3950 if (intval >= ZIO_COMPRESS_GZIP_1 && 3951 intval <= ZIO_COMPRESS_GZIP_9 && 3952 zfs_earlier_version(dsname, 3953 SPA_VERSION_GZIP_COMPRESSION)) { 3954 return (SET_ERROR(ENOTSUP)); 3955 } 3956 3957 if (intval == ZIO_COMPRESS_ZLE && 3958 zfs_earlier_version(dsname, 3959 SPA_VERSION_ZLE_COMPRESSION)) 3960 return (SET_ERROR(ENOTSUP)); 3961 3962 if (intval == ZIO_COMPRESS_LZ4) { 3963 spa_t *spa; 3964 3965 if ((err = spa_open(dsname, &spa, FTAG)) != 0) 3966 return (err); 3967 3968 if (!spa_feature_is_enabled(spa, 3969 SPA_FEATURE_LZ4_COMPRESS)) { 3970 spa_close(spa, FTAG); 3971 return (SET_ERROR(ENOTSUP)); 3972 } 3973 spa_close(spa, FTAG); 3974 } 3975 3976 /* 3977 * If this is a bootable dataset then 3978 * verify that the compression algorithm 3979 * is supported for booting. We must return 3980 * something other than ENOTSUP since it 3981 * implies a downrev pool version. 3982 */ 3983 if (zfs_is_bootfs(dsname) && 3984 !BOOTFS_COMPRESS_VALID(intval)) { 3985 return (SET_ERROR(ERANGE)); 3986 } 3987 } 3988 break; 3989 3990 case ZFS_PROP_COPIES: 3991 if (zfs_earlier_version(dsname, SPA_VERSION_DITTO_BLOCKS)) 3992 return (SET_ERROR(ENOTSUP)); 3993 break; 3994 3995 case ZFS_PROP_RECORDSIZE: 3996 /* Record sizes above 128k need the feature to be enabled */ 3997 if (nvpair_value_uint64(pair, &intval) == 0 && 3998 intval > SPA_OLD_MAXBLOCKSIZE) { 3999 spa_t *spa; 4000 4001 /* 4002 * If this is a bootable dataset then 4003 * the we don't allow large (>128K) blocks, 4004 * because GRUB doesn't support them. 4005 */ 4006 if (zfs_is_bootfs(dsname) && 4007 intval > SPA_OLD_MAXBLOCKSIZE) { 4008 return (SET_ERROR(ERANGE)); 4009 } 4010 4011 /* 4012 * We don't allow setting the property above 1MB, 4013 * unless the tunable has been changed. 4014 */ 4015 if (intval > zfs_max_recordsize || 4016 intval > SPA_MAXBLOCKSIZE) 4017 return (SET_ERROR(ERANGE)); 4018 4019 if ((err = spa_open(dsname, &spa, FTAG)) != 0) 4020 return (err); 4021 4022 if (!spa_feature_is_enabled(spa, 4023 SPA_FEATURE_LARGE_BLOCKS)) { 4024 spa_close(spa, FTAG); 4025 return (SET_ERROR(ENOTSUP)); 4026 } 4027 spa_close(spa, FTAG); 4028 } 4029 break; 4030 4031 case ZFS_PROP_SHARESMB: 4032 if (zpl_earlier_version(dsname, ZPL_VERSION_FUID)) 4033 return (SET_ERROR(ENOTSUP)); 4034 break; 4035 4036 case ZFS_PROP_ACLINHERIT: 4037 if (nvpair_type(pair) == DATA_TYPE_UINT64 && 4038 nvpair_value_uint64(pair, &intval) == 0) { 4039 if (intval == ZFS_ACL_PASSTHROUGH_X && 4040 zfs_earlier_version(dsname, 4041 SPA_VERSION_PASSTHROUGH_X)) 4042 return (SET_ERROR(ENOTSUP)); 4043 } 4044 break; 4045 4046 case ZFS_PROP_CHECKSUM: 4047 case ZFS_PROP_DEDUP: 4048 { 4049 spa_feature_t feature; 4050 spa_t *spa; 4051 4052 /* dedup feature version checks */ 4053 if (prop == ZFS_PROP_DEDUP && 4054 zfs_earlier_version(dsname, SPA_VERSION_DEDUP)) 4055 return (SET_ERROR(ENOTSUP)); 4056 4057 if (nvpair_value_uint64(pair, &intval) != 0) 4058 return (SET_ERROR(EINVAL)); 4059 4060 /* check prop value is enabled in features */ 4061 feature = zio_checksum_to_feature(intval & ZIO_CHECKSUM_MASK); 4062 if (feature == SPA_FEATURE_NONE) 4063 break; 4064 4065 if ((err = spa_open(dsname, &spa, FTAG)) != 0) 4066 return (err); 4067 /* 4068 * Salted checksums are not supported on root pools. 4069 */ 4070 if (spa_bootfs(spa) != 0 && 4071 intval < ZIO_CHECKSUM_FUNCTIONS && 4072 (zio_checksum_table[intval].ci_flags & 4073 ZCHECKSUM_FLAG_SALTED)) { 4074 spa_close(spa, FTAG); 4075 return (SET_ERROR(ERANGE)); 4076 } 4077 if (!spa_feature_is_enabled(spa, feature)) { 4078 spa_close(spa, FTAG); 4079 return (SET_ERROR(ENOTSUP)); 4080 } 4081 spa_close(spa, FTAG); 4082 break; 4083 } 4084 } 4085 4086 return (zfs_secpolicy_setprop(dsname, prop, pair, CRED())); 4087} 4088 4089/* 4090 * Checks for a race condition to make sure we don't increment a feature flag 4091 * multiple times. 4092 */ 4093static int 4094zfs_prop_activate_feature_check(void *arg, dmu_tx_t *tx) 4095{ 4096 spa_t *spa = dmu_tx_pool(tx)->dp_spa; 4097 spa_feature_t *featurep = arg; 4098 4099 if (!spa_feature_is_active(spa, *featurep)) 4100 return (0); 4101 else 4102 return (SET_ERROR(EBUSY)); 4103} 4104 4105/* 4106 * The callback invoked on feature activation in the sync task caused by 4107 * zfs_prop_activate_feature. 4108 */ 4109static void 4110zfs_prop_activate_feature_sync(void *arg, dmu_tx_t *tx) 4111{ 4112 spa_t *spa = dmu_tx_pool(tx)->dp_spa; 4113 spa_feature_t *featurep = arg; 4114 4115 spa_feature_incr(spa, *featurep, tx); 4116} 4117 4118/* 4119 * Activates a feature on a pool in response to a property setting. This 4120 * creates a new sync task which modifies the pool to reflect the feature 4121 * as being active. 4122 */ 4123static int 4124zfs_prop_activate_feature(spa_t *spa, spa_feature_t feature) 4125{ 4126 int err; 4127 4128 /* EBUSY here indicates that the feature is already active */ 4129 err = dsl_sync_task(spa_name(spa), 4130 zfs_prop_activate_feature_check, zfs_prop_activate_feature_sync, 4131 &feature, 2, ZFS_SPACE_CHECK_RESERVED); 4132 4133 if (err != 0 && err != EBUSY) 4134 return (err); 4135 else 4136 return (0); 4137} 4138 4139/* 4140 * Removes properties from the given props list that fail permission checks 4141 * needed to clear them and to restore them in case of a receive error. For each 4142 * property, make sure we have both set and inherit permissions. 4143 * 4144 * Returns the first error encountered if any permission checks fail. If the 4145 * caller provides a non-NULL errlist, it also gives the complete list of names 4146 * of all the properties that failed a permission check along with the 4147 * corresponding error numbers. The caller is responsible for freeing the 4148 * returned errlist. 4149 * 4150 * If every property checks out successfully, zero is returned and the list 4151 * pointed at by errlist is NULL. 4152 */ 4153static int 4154zfs_check_clearable(char *dataset, nvlist_t *props, nvlist_t **errlist) 4155{ 4156 zfs_cmd_t *zc; 4157 nvpair_t *pair, *next_pair; 4158 nvlist_t *errors; 4159 int err, rv = 0; 4160 4161 if (props == NULL) 4162 return (0); 4163 4164 VERIFY(nvlist_alloc(&errors, NV_UNIQUE_NAME, KM_SLEEP) == 0); 4165 4166 zc = kmem_alloc(sizeof (zfs_cmd_t), KM_SLEEP); 4167 (void) strcpy(zc->zc_name, dataset); 4168 pair = nvlist_next_nvpair(props, NULL); 4169 while (pair != NULL) { 4170 next_pair = nvlist_next_nvpair(props, pair); 4171 4172 (void) strcpy(zc->zc_value, nvpair_name(pair)); 4173 if ((err = zfs_check_settable(dataset, pair, CRED())) != 0 || 4174 (err = zfs_secpolicy_inherit_prop(zc, NULL, CRED())) != 0) { 4175 VERIFY(nvlist_remove_nvpair(props, pair) == 0); 4176 VERIFY(nvlist_add_int32(errors, 4177 zc->zc_value, err) == 0); 4178 } 4179 pair = next_pair; 4180 } 4181 kmem_free(zc, sizeof (zfs_cmd_t)); 4182 4183 if ((pair = nvlist_next_nvpair(errors, NULL)) == NULL) { 4184 nvlist_free(errors); 4185 errors = NULL; 4186 } else { 4187 VERIFY(nvpair_value_int32(pair, &rv) == 0); 4188 } 4189 4190 if (errlist == NULL) 4191 nvlist_free(errors); 4192 else 4193 *errlist = errors; 4194 4195 return (rv); 4196} 4197 4198static boolean_t 4199propval_equals(nvpair_t *p1, nvpair_t *p2) 4200{ 4201 if (nvpair_type(p1) == DATA_TYPE_NVLIST) { 4202 /* dsl_prop_get_all_impl() format */ 4203 nvlist_t *attrs; 4204 VERIFY(nvpair_value_nvlist(p1, &attrs) == 0); 4205 VERIFY(nvlist_lookup_nvpair(attrs, ZPROP_VALUE, 4206 &p1) == 0); 4207 } 4208 4209 if (nvpair_type(p2) == DATA_TYPE_NVLIST) { 4210 nvlist_t *attrs; 4211 VERIFY(nvpair_value_nvlist(p2, &attrs) == 0); 4212 VERIFY(nvlist_lookup_nvpair(attrs, ZPROP_VALUE, 4213 &p2) == 0); 4214 } 4215 4216 if (nvpair_type(p1) != nvpair_type(p2)) 4217 return (B_FALSE); 4218 4219 if (nvpair_type(p1) == DATA_TYPE_STRING) { 4220 char *valstr1, *valstr2; 4221 4222 VERIFY(nvpair_value_string(p1, (char **)&valstr1) == 0); 4223 VERIFY(nvpair_value_string(p2, (char **)&valstr2) == 0); 4224 return (strcmp(valstr1, valstr2) == 0); 4225 } else { 4226 uint64_t intval1, intval2; 4227 4228 VERIFY(nvpair_value_uint64(p1, &intval1) == 0); 4229 VERIFY(nvpair_value_uint64(p2, &intval2) == 0); 4230 return (intval1 == intval2); 4231 } 4232} 4233 4234/* 4235 * Remove properties from props if they are not going to change (as determined 4236 * by comparison with origprops). Remove them from origprops as well, since we 4237 * do not need to clear or restore properties that won't change. 4238 */ 4239static void 4240props_reduce(nvlist_t *props, nvlist_t *origprops) 4241{ 4242 nvpair_t *pair, *next_pair; 4243 4244 if (origprops == NULL) 4245 return; /* all props need to be received */ 4246 4247 pair = nvlist_next_nvpair(props, NULL); 4248 while (pair != NULL) { 4249 const char *propname = nvpair_name(pair); 4250 nvpair_t *match; 4251 4252 next_pair = nvlist_next_nvpair(props, pair); 4253 4254 if ((nvlist_lookup_nvpair(origprops, propname, 4255 &match) != 0) || !propval_equals(pair, match)) 4256 goto next; /* need to set received value */ 4257 4258 /* don't clear the existing received value */ 4259 (void) nvlist_remove_nvpair(origprops, match); 4260 /* don't bother receiving the property */ 4261 (void) nvlist_remove_nvpair(props, pair); 4262next: 4263 pair = next_pair; 4264 } 4265} 4266 4267/* 4268 * Extract properties that cannot be set PRIOR to the receipt of a dataset. 4269 * For example, refquota cannot be set until after the receipt of a dataset, 4270 * because in replication streams, an older/earlier snapshot may exceed the 4271 * refquota. We want to receive the older/earlier snapshot, but setting 4272 * refquota pre-receipt will set the dsl's ACTUAL quota, which will prevent 4273 * the older/earlier snapshot from being received (with EDQUOT). 4274 * 4275 * The ZFS test "zfs_receive_011_pos" demonstrates such a scenario. 4276 * 4277 * libzfs will need to be judicious handling errors encountered by props 4278 * extracted by this function. 4279 */ 4280static nvlist_t * 4281extract_delay_props(nvlist_t *props) 4282{ 4283 nvlist_t *delayprops; 4284 nvpair_t *nvp, *tmp; 4285 static const zfs_prop_t delayable[] = { ZFS_PROP_REFQUOTA, 0 }; 4286 int i; 4287 4288 VERIFY(nvlist_alloc(&delayprops, NV_UNIQUE_NAME, KM_SLEEP) == 0); 4289 4290 for (nvp = nvlist_next_nvpair(props, NULL); nvp != NULL; 4291 nvp = nvlist_next_nvpair(props, nvp)) { 4292 /* 4293 * strcmp() is safe because zfs_prop_to_name() always returns 4294 * a bounded string. 4295 */ 4296 for (i = 0; delayable[i] != 0; i++) { 4297 if (strcmp(zfs_prop_to_name(delayable[i]), 4298 nvpair_name(nvp)) == 0) { 4299 break; 4300 } 4301 } 4302 if (delayable[i] != 0) { 4303 tmp = nvlist_prev_nvpair(props, nvp); 4304 VERIFY(nvlist_add_nvpair(delayprops, nvp) == 0); 4305 VERIFY(nvlist_remove_nvpair(props, nvp) == 0); 4306 nvp = tmp; 4307 } 4308 } 4309 4310 if (nvlist_empty(delayprops)) { 4311 nvlist_free(delayprops); 4312 delayprops = NULL; 4313 } 4314 return (delayprops); 4315} 4316 4317#ifdef DEBUG 4318static boolean_t zfs_ioc_recv_inject_err; 4319#endif 4320 4321/* 4322 * inputs: 4323 * zc_name name of containing filesystem 4324 * zc_nvlist_src{_size} nvlist of properties to apply 4325 * zc_value name of snapshot to create 4326 * zc_string name of clone origin (if DRR_FLAG_CLONE) 4327 * zc_cookie file descriptor to recv from 4328 * zc_begin_record the BEGIN record of the stream (not byteswapped) 4329 * zc_guid force flag 4330 * zc_cleanup_fd cleanup-on-exit file descriptor 4331 * zc_action_handle handle for this guid/ds mapping (or zero on first call) 4332 * zc_resumable if data is incomplete assume sender will resume 4333 * 4334 * outputs: 4335 * zc_cookie number of bytes read 4336 * zc_nvlist_dst{_size} error for each unapplied received property 4337 * zc_obj zprop_errflags_t 4338 * zc_action_handle handle for this guid/ds mapping 4339 */ 4340static int 4341zfs_ioc_recv(zfs_cmd_t *zc) 4342{ 4343 file_t *fp; 4344 dmu_recv_cookie_t drc; 4345 boolean_t force = (boolean_t)zc->zc_guid; 4346 int fd; 4347 int error = 0; 4348 int props_error = 0; 4349 nvlist_t *errors; 4350 offset_t off; 4351 nvlist_t *props = NULL; /* sent properties */ 4352 nvlist_t *origprops = NULL; /* existing properties */ 4353 nvlist_t *delayprops = NULL; /* sent properties applied post-receive */ 4354 char *origin = NULL; 4355 char *tosnap; 4356 char tofs[ZFS_MAX_DATASET_NAME_LEN]; 4357 cap_rights_t rights; 4358 boolean_t first_recvd_props = B_FALSE; 4359 4360 if (dataset_namecheck(zc->zc_value, NULL, NULL) != 0 || 4361 strchr(zc->zc_value, '@') == NULL || 4362 strchr(zc->zc_value, '%')) 4363 return (SET_ERROR(EINVAL)); 4364 4365 (void) strcpy(tofs, zc->zc_value); 4366 tosnap = strchr(tofs, '@'); 4367 *tosnap++ = '\0'; 4368 4369 if (zc->zc_nvlist_src != 0 && 4370 (error = get_nvlist(zc->zc_nvlist_src, zc->zc_nvlist_src_size, 4371 zc->zc_iflags, &props)) != 0) 4372 return (error); 4373 4374 fd = zc->zc_cookie; 4375#ifdef illumos 4376 fp = getf(fd); 4377#else 4378 fget_read(curthread, fd, cap_rights_init(&rights, CAP_PREAD), &fp); 4379#endif 4380 if (fp == NULL) { 4381 nvlist_free(props); 4382 return (SET_ERROR(EBADF)); 4383 } 4384 4385 errors = fnvlist_alloc(); 4386 4387 if (zc->zc_string[0]) 4388 origin = zc->zc_string; 4389 4390 error = dmu_recv_begin(tofs, tosnap, 4391 &zc->zc_begin_record, force, zc->zc_resumable, origin, &drc); 4392 if (error != 0) 4393 goto out; 4394 4395 /* 4396 * Set properties before we receive the stream so that they are applied 4397 * to the new data. Note that we must call dmu_recv_stream() if 4398 * dmu_recv_begin() succeeds. 4399 */ 4400 if (props != NULL && !drc.drc_newfs) { 4401 if (spa_version(dsl_dataset_get_spa(drc.drc_ds)) >= 4402 SPA_VERSION_RECVD_PROPS && 4403 !dsl_prop_get_hasrecvd(tofs)) 4404 first_recvd_props = B_TRUE; 4405 4406 /* 4407 * If new received properties are supplied, they are to 4408 * completely replace the existing received properties, so stash 4409 * away the existing ones. 4410 */ 4411 if (dsl_prop_get_received(tofs, &origprops) == 0) { 4412 nvlist_t *errlist = NULL; 4413 /* 4414 * Don't bother writing a property if its value won't 4415 * change (and avoid the unnecessary security checks). 4416 * 4417 * The first receive after SPA_VERSION_RECVD_PROPS is a 4418 * special case where we blow away all local properties 4419 * regardless. 4420 */ 4421 if (!first_recvd_props) 4422 props_reduce(props, origprops); 4423 if (zfs_check_clearable(tofs, origprops, &errlist) != 0) 4424 (void) nvlist_merge(errors, errlist, 0); 4425 nvlist_free(errlist); 4426 4427 if (clear_received_props(tofs, origprops, 4428 first_recvd_props ? NULL : props) != 0) 4429 zc->zc_obj |= ZPROP_ERR_NOCLEAR; 4430 } else { 4431 zc->zc_obj |= ZPROP_ERR_NOCLEAR; 4432 } 4433 } 4434 4435 if (props != NULL) { 4436 props_error = dsl_prop_set_hasrecvd(tofs); 4437 4438 if (props_error == 0) { 4439 delayprops = extract_delay_props(props); 4440 (void) zfs_set_prop_nvlist(tofs, ZPROP_SRC_RECEIVED, 4441 props, errors); 4442 } 4443 } 4444 4445 off = fp->f_offset; 4446 error = dmu_recv_stream(&drc, fp, &off, zc->zc_cleanup_fd, 4447 &zc->zc_action_handle); 4448 4449 if (error == 0) { 4450 zfsvfs_t *zfsvfs = NULL; 4451 4452 if (getzfsvfs(tofs, &zfsvfs) == 0) { 4453 /* online recv */ 4454 dsl_dataset_t *ds; 4455 int end_err; 4456 4457 ds = dmu_objset_ds(zfsvfs->z_os); 4458 error = zfs_suspend_fs(zfsvfs); 4459 /* 4460 * If the suspend fails, then the recv_end will 4461 * likely also fail, and clean up after itself. 4462 */ 4463 end_err = dmu_recv_end(&drc, zfsvfs); 4464 if (error == 0) 4465 error = zfs_resume_fs(zfsvfs, ds); 4466 error = error ? error : end_err; 4467#ifdef illumos 4468 VFS_RELE(zfsvfs->z_vfs); 4469#else 4470 vfs_unbusy(zfsvfs->z_vfs); 4471#endif 4472 } else { 4473 error = dmu_recv_end(&drc, NULL); 4474 } 4475 4476 /* Set delayed properties now, after we're done receiving. */ 4477 if (delayprops != NULL && error == 0) { 4478 (void) zfs_set_prop_nvlist(tofs, ZPROP_SRC_RECEIVED, 4479 delayprops, errors); 4480 } 4481 } 4482 4483 if (delayprops != NULL) { 4484 /* 4485 * Merge delayed props back in with initial props, in case 4486 * we're DEBUG and zfs_ioc_recv_inject_err is set (which means 4487 * we have to make sure clear_received_props() includes 4488 * the delayed properties). 4489 * 4490 * Since zfs_ioc_recv_inject_err is only in DEBUG kernels, 4491 * using ASSERT() will be just like a VERIFY. 4492 */ 4493 ASSERT(nvlist_merge(props, delayprops, 0) == 0); 4494 nvlist_free(delayprops); 4495 } 4496 4497 /* 4498 * Now that all props, initial and delayed, are set, report the prop 4499 * errors to the caller. 4500 */ 4501 if (zc->zc_nvlist_dst_size != 0 && 4502 (nvlist_smush(errors, zc->zc_nvlist_dst_size) != 0 || 4503 put_nvlist(zc, errors) != 0)) { 4504 /* 4505 * Caller made zc->zc_nvlist_dst less than the minimum expected 4506 * size or supplied an invalid address. 4507 */ 4508 props_error = SET_ERROR(EINVAL); 4509 } 4510 4511 zc->zc_cookie = off - fp->f_offset; 4512 if (off >= 0 && off <= MAXOFFSET_T) 4513 fp->f_offset = off; 4514 4515#ifdef DEBUG 4516 if (zfs_ioc_recv_inject_err) { 4517 zfs_ioc_recv_inject_err = B_FALSE; 4518 error = 1; 4519 } 4520#endif 4521 4522#ifdef __FreeBSD__ 4523 if (error == 0) 4524 zvol_create_minors(tofs); 4525#endif 4526 4527 /* 4528 * On error, restore the original props. 4529 */ 4530 if (error != 0 && props != NULL && !drc.drc_newfs) { 4531 if (clear_received_props(tofs, props, NULL) != 0) { 4532 /* 4533 * We failed to clear the received properties. 4534 * Since we may have left a $recvd value on the 4535 * system, we can't clear the $hasrecvd flag. 4536 */ 4537 zc->zc_obj |= ZPROP_ERR_NORESTORE; 4538 } else if (first_recvd_props) { 4539 dsl_prop_unset_hasrecvd(tofs); 4540 } 4541 4542 if (origprops == NULL && !drc.drc_newfs) { 4543 /* We failed to stash the original properties. */ 4544 zc->zc_obj |= ZPROP_ERR_NORESTORE; 4545 } 4546 4547 /* 4548 * dsl_props_set() will not convert RECEIVED to LOCAL on or 4549 * after SPA_VERSION_RECVD_PROPS, so we need to specify LOCAL 4550 * explictly if we're restoring local properties cleared in the 4551 * first new-style receive. 4552 */ 4553 if (origprops != NULL && 4554 zfs_set_prop_nvlist(tofs, (first_recvd_props ? 4555 ZPROP_SRC_LOCAL : ZPROP_SRC_RECEIVED), 4556 origprops, NULL) != 0) { 4557 /* 4558 * We stashed the original properties but failed to 4559 * restore them. 4560 */ 4561 zc->zc_obj |= ZPROP_ERR_NORESTORE; 4562 } 4563 } 4564out: 4565 nvlist_free(props); 4566 nvlist_free(origprops); 4567 nvlist_free(errors); 4568 releasef(fd); 4569 4570 if (error == 0) 4571 error = props_error; 4572 4573 return (error); 4574} 4575 4576/* 4577 * inputs: 4578 * zc_name name of snapshot to send 4579 * zc_cookie file descriptor to send stream to 4580 * zc_obj fromorigin flag (mutually exclusive with zc_fromobj) 4581 * zc_sendobj objsetid of snapshot to send 4582 * zc_fromobj objsetid of incremental fromsnap (may be zero) 4583 * zc_guid if set, estimate size of stream only. zc_cookie is ignored. 4584 * output size in zc_objset_type. 4585 * zc_flags lzc_send_flags 4586 * 4587 * outputs: 4588 * zc_objset_type estimated size, if zc_guid is set 4589 */ 4590static int 4591zfs_ioc_send(zfs_cmd_t *zc) 4592{ 4593 int error; 4594 offset_t off; 4595 boolean_t estimate = (zc->zc_guid != 0); 4596 boolean_t embedok = (zc->zc_flags & 0x1); 4597 boolean_t large_block_ok = (zc->zc_flags & 0x2); 4598 4599 if (zc->zc_obj != 0) { 4600 dsl_pool_t *dp; 4601 dsl_dataset_t *tosnap; 4602 4603 error = dsl_pool_hold(zc->zc_name, FTAG, &dp); 4604 if (error != 0) 4605 return (error); 4606 4607 error = dsl_dataset_hold_obj(dp, zc->zc_sendobj, FTAG, &tosnap); 4608 if (error != 0) { 4609 dsl_pool_rele(dp, FTAG); 4610 return (error); 4611 } 4612 4613 if (dsl_dir_is_clone(tosnap->ds_dir)) 4614 zc->zc_fromobj = 4615 dsl_dir_phys(tosnap->ds_dir)->dd_origin_obj; 4616 dsl_dataset_rele(tosnap, FTAG); 4617 dsl_pool_rele(dp, FTAG); 4618 } 4619 4620 if (estimate) { 4621 dsl_pool_t *dp; 4622 dsl_dataset_t *tosnap; 4623 dsl_dataset_t *fromsnap = NULL; 4624 4625 error = dsl_pool_hold(zc->zc_name, FTAG, &dp); 4626 if (error != 0) 4627 return (error); 4628 4629 error = dsl_dataset_hold_obj(dp, zc->zc_sendobj, FTAG, &tosnap); 4630 if (error != 0) { 4631 dsl_pool_rele(dp, FTAG); 4632 return (error); 4633 } 4634 4635 if (zc->zc_fromobj != 0) { 4636 error = dsl_dataset_hold_obj(dp, zc->zc_fromobj, 4637 FTAG, &fromsnap); 4638 if (error != 0) { 4639 dsl_dataset_rele(tosnap, FTAG); 4640 dsl_pool_rele(dp, FTAG); 4641 return (error); 4642 } 4643 } 4644 4645 error = dmu_send_estimate(tosnap, fromsnap, 4646 &zc->zc_objset_type); 4647 4648 if (fromsnap != NULL) 4649 dsl_dataset_rele(fromsnap, FTAG); 4650 dsl_dataset_rele(tosnap, FTAG); 4651 dsl_pool_rele(dp, FTAG); 4652 } else { 4653 file_t *fp; 4654 cap_rights_t rights; 4655 4656#ifdef illumos 4657 fp = getf(zc->zc_cookie); 4658#else 4659 fget_write(curthread, zc->zc_cookie, 4660 cap_rights_init(&rights, CAP_WRITE), &fp); 4661#endif 4662 if (fp == NULL) 4663 return (SET_ERROR(EBADF)); 4664 4665 off = fp->f_offset; 4666 error = dmu_send_obj(zc->zc_name, zc->zc_sendobj, 4667 zc->zc_fromobj, embedok, large_block_ok, 4668#ifdef illumos 4669 zc->zc_cookie, fp->f_vnode, &off); 4670#else 4671 zc->zc_cookie, fp, &off); 4672#endif 4673 4674 if (off >= 0 && off <= MAXOFFSET_T) 4675 fp->f_offset = off; 4676 releasef(zc->zc_cookie); 4677 } 4678 return (error); 4679} 4680 4681/* 4682 * inputs: 4683 * zc_name name of snapshot on which to report progress 4684 * zc_cookie file descriptor of send stream 4685 * 4686 * outputs: 4687 * zc_cookie number of bytes written in send stream thus far 4688 */ 4689static int 4690zfs_ioc_send_progress(zfs_cmd_t *zc) 4691{ 4692 dsl_pool_t *dp; 4693 dsl_dataset_t *ds; 4694 dmu_sendarg_t *dsp = NULL; 4695 int error; 4696 4697 error = dsl_pool_hold(zc->zc_name, FTAG, &dp); 4698 if (error != 0) 4699 return (error); 4700 4701 error = dsl_dataset_hold(dp, zc->zc_name, FTAG, &ds); 4702 if (error != 0) { 4703 dsl_pool_rele(dp, FTAG); 4704 return (error); 4705 } 4706 4707 mutex_enter(&ds->ds_sendstream_lock); 4708 4709 /* 4710 * Iterate over all the send streams currently active on this dataset. 4711 * If there's one which matches the specified file descriptor _and_ the 4712 * stream was started by the current process, return the progress of 4713 * that stream. 4714 */ 4715 for (dsp = list_head(&ds->ds_sendstreams); dsp != NULL; 4716 dsp = list_next(&ds->ds_sendstreams, dsp)) { 4717 if (dsp->dsa_outfd == zc->zc_cookie && 4718 dsp->dsa_proc == curproc) 4719 break; 4720 } 4721 4722 if (dsp != NULL) 4723 zc->zc_cookie = *(dsp->dsa_off); 4724 else 4725 error = SET_ERROR(ENOENT); 4726 4727 mutex_exit(&ds->ds_sendstream_lock); 4728 dsl_dataset_rele(ds, FTAG); 4729 dsl_pool_rele(dp, FTAG); 4730 return (error); 4731} 4732 4733static int 4734zfs_ioc_inject_fault(zfs_cmd_t *zc) 4735{ 4736 int id, error; 4737 4738 error = zio_inject_fault(zc->zc_name, (int)zc->zc_guid, &id, 4739 &zc->zc_inject_record); 4740 4741 if (error == 0) 4742 zc->zc_guid = (uint64_t)id; 4743 4744 return (error); 4745} 4746 4747static int 4748zfs_ioc_clear_fault(zfs_cmd_t *zc) 4749{ 4750 return (zio_clear_fault((int)zc->zc_guid)); 4751} 4752 4753static int 4754zfs_ioc_inject_list_next(zfs_cmd_t *zc) 4755{ 4756 int id = (int)zc->zc_guid; 4757 int error; 4758 4759 error = zio_inject_list_next(&id, zc->zc_name, sizeof (zc->zc_name), 4760 &zc->zc_inject_record); 4761 4762 zc->zc_guid = id; 4763 4764 return (error); 4765} 4766 4767static int 4768zfs_ioc_error_log(zfs_cmd_t *zc) 4769{ 4770 spa_t *spa; 4771 int error; 4772 size_t count = (size_t)zc->zc_nvlist_dst_size; 4773 4774 if ((error = spa_open(zc->zc_name, &spa, FTAG)) != 0) 4775 return (error); 4776 4777 error = spa_get_errlog(spa, (void *)(uintptr_t)zc->zc_nvlist_dst, 4778 &count); 4779 if (error == 0) 4780 zc->zc_nvlist_dst_size = count; 4781 else 4782 zc->zc_nvlist_dst_size = spa_get_errlog_size(spa); 4783 4784 spa_close(spa, FTAG); 4785 4786 return (error); 4787} 4788 4789static int 4790zfs_ioc_clear(zfs_cmd_t *zc) 4791{ 4792 spa_t *spa; 4793 vdev_t *vd; 4794 int error; 4795 4796 /* 4797 * On zpool clear we also fix up missing slogs 4798 */ 4799 mutex_enter(&spa_namespace_lock); 4800 spa = spa_lookup(zc->zc_name); 4801 if (spa == NULL) { 4802 mutex_exit(&spa_namespace_lock); 4803 return (SET_ERROR(EIO)); 4804 } 4805 if (spa_get_log_state(spa) == SPA_LOG_MISSING) { 4806 /* we need to let spa_open/spa_load clear the chains */ 4807 spa_set_log_state(spa, SPA_LOG_CLEAR); 4808 } 4809 spa->spa_last_open_failed = 0; 4810 mutex_exit(&spa_namespace_lock); 4811 4812 if (zc->zc_cookie & ZPOOL_NO_REWIND) { 4813 error = spa_open(zc->zc_name, &spa, FTAG); 4814 } else { 4815 nvlist_t *policy; 4816 nvlist_t *config = NULL; 4817 4818 if (zc->zc_nvlist_src == 0) 4819 return (SET_ERROR(EINVAL)); 4820 4821 if ((error = get_nvlist(zc->zc_nvlist_src, 4822 zc->zc_nvlist_src_size, zc->zc_iflags, &policy)) == 0) { 4823 error = spa_open_rewind(zc->zc_name, &spa, FTAG, 4824 policy, &config); 4825 if (config != NULL) { 4826 int err; 4827 4828 if ((err = put_nvlist(zc, config)) != 0) 4829 error = err; 4830 nvlist_free(config); 4831 } 4832 nvlist_free(policy); 4833 } 4834 } 4835 4836 if (error != 0) 4837 return (error); 4838 4839 spa_vdev_state_enter(spa, SCL_NONE); 4840 4841 if (zc->zc_guid == 0) { 4842 vd = NULL; 4843 } else { 4844 vd = spa_lookup_by_guid(spa, zc->zc_guid, B_TRUE); 4845 if (vd == NULL) { 4846 (void) spa_vdev_state_exit(spa, NULL, ENODEV); 4847 spa_close(spa, FTAG); 4848 return (SET_ERROR(ENODEV)); 4849 } 4850 } 4851 4852 vdev_clear(spa, vd); 4853 4854 (void) spa_vdev_state_exit(spa, NULL, 0); 4855 4856 /* 4857 * Resume any suspended I/Os. 4858 */ 4859 if (zio_resume(spa) != 0) 4860 error = SET_ERROR(EIO); 4861 4862 spa_close(spa, FTAG); 4863 4864 return (error); 4865} 4866 4867static int 4868zfs_ioc_pool_reopen(zfs_cmd_t *zc) 4869{ 4870 spa_t *spa; 4871 int error; 4872 4873 error = spa_open(zc->zc_name, &spa, FTAG); 4874 if (error != 0) 4875 return (error); 4876 4877 spa_vdev_state_enter(spa, SCL_NONE); 4878 4879 /* 4880 * If a resilver is already in progress then set the 4881 * spa_scrub_reopen flag to B_TRUE so that we don't restart 4882 * the scan as a side effect of the reopen. Otherwise, let 4883 * vdev_open() decided if a resilver is required. 4884 */ 4885 spa->spa_scrub_reopen = dsl_scan_resilvering(spa->spa_dsl_pool); 4886 vdev_reopen(spa->spa_root_vdev); 4887 spa->spa_scrub_reopen = B_FALSE; 4888 4889 (void) spa_vdev_state_exit(spa, NULL, 0); 4890 spa_close(spa, FTAG); 4891 return (0); 4892} 4893/* 4894 * inputs: 4895 * zc_name name of filesystem 4896 * zc_value name of origin snapshot 4897 * 4898 * outputs: 4899 * zc_string name of conflicting snapshot, if there is one 4900 */ 4901static int 4902zfs_ioc_promote(zfs_cmd_t *zc) 4903{ 4904 char *cp; 4905 4906 /* 4907 * We don't need to unmount *all* the origin fs's snapshots, but 4908 * it's easier. 4909 */ 4910 cp = strchr(zc->zc_value, '@'); 4911 if (cp) 4912 *cp = '\0'; 4913 (void) dmu_objset_find(zc->zc_value, 4914 zfs_unmount_snap_cb, NULL, DS_FIND_SNAPSHOTS); 4915 return (dsl_dataset_promote(zc->zc_name, zc->zc_string)); 4916} 4917 4918/* 4919 * Retrieve a single {user|group}{used|quota}@... property. 4920 * 4921 * inputs: 4922 * zc_name name of filesystem 4923 * zc_objset_type zfs_userquota_prop_t 4924 * zc_value domain name (eg. "S-1-234-567-89") 4925 * zc_guid RID/UID/GID 4926 * 4927 * outputs: 4928 * zc_cookie property value 4929 */ 4930static int 4931zfs_ioc_userspace_one(zfs_cmd_t *zc) 4932{ 4933 zfsvfs_t *zfsvfs; 4934 int error; 4935 4936 if (zc->zc_objset_type >= ZFS_NUM_USERQUOTA_PROPS) 4937 return (SET_ERROR(EINVAL)); 4938 4939 error = zfsvfs_hold(zc->zc_name, FTAG, &zfsvfs, B_FALSE); 4940 if (error != 0) 4941 return (error); 4942 4943 error = zfs_userspace_one(zfsvfs, 4944 zc->zc_objset_type, zc->zc_value, zc->zc_guid, &zc->zc_cookie); 4945 zfsvfs_rele(zfsvfs, FTAG); 4946 4947 return (error); 4948} 4949 4950/* 4951 * inputs: 4952 * zc_name name of filesystem 4953 * zc_cookie zap cursor 4954 * zc_objset_type zfs_userquota_prop_t 4955 * zc_nvlist_dst[_size] buffer to fill (not really an nvlist) 4956 * 4957 * outputs: 4958 * zc_nvlist_dst[_size] data buffer (array of zfs_useracct_t) 4959 * zc_cookie zap cursor 4960 */ 4961static int 4962zfs_ioc_userspace_many(zfs_cmd_t *zc) 4963{ 4964 zfsvfs_t *zfsvfs; 4965 int bufsize = zc->zc_nvlist_dst_size; 4966 4967 if (bufsize <= 0) 4968 return (SET_ERROR(ENOMEM)); 4969 4970 int error = zfsvfs_hold(zc->zc_name, FTAG, &zfsvfs, B_FALSE); 4971 if (error != 0) 4972 return (error); 4973 4974 void *buf = kmem_alloc(bufsize, KM_SLEEP); 4975 4976 error = zfs_userspace_many(zfsvfs, zc->zc_objset_type, &zc->zc_cookie, 4977 buf, &zc->zc_nvlist_dst_size); 4978 4979 if (error == 0) { 4980 error = ddi_copyout(buf, 4981 (void *)(uintptr_t)zc->zc_nvlist_dst, 4982 zc->zc_nvlist_dst_size, zc->zc_iflags); 4983 } 4984 kmem_free(buf, bufsize); 4985 zfsvfs_rele(zfsvfs, FTAG); 4986 4987 return (error); 4988} 4989 4990/* 4991 * inputs: 4992 * zc_name name of filesystem 4993 * 4994 * outputs: 4995 * none 4996 */ 4997static int 4998zfs_ioc_userspace_upgrade(zfs_cmd_t *zc) 4999{ 5000 objset_t *os; 5001 int error = 0; 5002 zfsvfs_t *zfsvfs; 5003 5004 if (getzfsvfs(zc->zc_name, &zfsvfs) == 0) { 5005 if (!dmu_objset_userused_enabled(zfsvfs->z_os)) { 5006 /* 5007 * If userused is not enabled, it may be because the 5008 * objset needs to be closed & reopened (to grow the 5009 * objset_phys_t). Suspend/resume the fs will do that. 5010 */ 5011 dsl_dataset_t *ds; 5012 5013 ds = dmu_objset_ds(zfsvfs->z_os); 5014 error = zfs_suspend_fs(zfsvfs); 5015 if (error == 0) { 5016 dmu_objset_refresh_ownership(zfsvfs->z_os, 5017 zfsvfs); 5018 error = zfs_resume_fs(zfsvfs, ds); 5019 } 5020 } 5021 if (error == 0) 5022 error = dmu_objset_userspace_upgrade(zfsvfs->z_os); 5023#ifdef illumos 5024 VFS_RELE(zfsvfs->z_vfs); 5025#else 5026 vfs_unbusy(zfsvfs->z_vfs); 5027#endif 5028 } else { 5029 /* XXX kind of reading contents without owning */ 5030 error = dmu_objset_hold(zc->zc_name, FTAG, &os); 5031 if (error != 0) 5032 return (error); 5033 5034 error = dmu_objset_userspace_upgrade(os); 5035 dmu_objset_rele(os, FTAG); 5036 } 5037 5038 return (error); 5039} 5040 5041#ifdef illumos 5042/* 5043 * We don't want to have a hard dependency 5044 * against some special symbols in sharefs 5045 * nfs, and smbsrv. Determine them if needed when 5046 * the first file system is shared. 5047 * Neither sharefs, nfs or smbsrv are unloadable modules. 5048 */ 5049int (*znfsexport_fs)(void *arg); 5050int (*zshare_fs)(enum sharefs_sys_op, share_t *, uint32_t); 5051int (*zsmbexport_fs)(void *arg, boolean_t add_share); 5052 5053int zfs_nfsshare_inited; 5054int zfs_smbshare_inited; 5055 5056ddi_modhandle_t nfs_mod; 5057ddi_modhandle_t sharefs_mod; 5058ddi_modhandle_t smbsrv_mod; 5059#endif /* illumos */ 5060kmutex_t zfs_share_lock; 5061 5062#ifdef illumos 5063static int 5064zfs_init_sharefs() 5065{ 5066 int error; 5067 5068 ASSERT(MUTEX_HELD(&zfs_share_lock)); 5069 /* Both NFS and SMB shares also require sharetab support. */ 5070 if (sharefs_mod == NULL && ((sharefs_mod = 5071 ddi_modopen("fs/sharefs", 5072 KRTLD_MODE_FIRST, &error)) == NULL)) { 5073 return (SET_ERROR(ENOSYS)); 5074 } 5075 if (zshare_fs == NULL && ((zshare_fs = 5076 (int (*)(enum sharefs_sys_op, share_t *, uint32_t)) 5077 ddi_modsym(sharefs_mod, "sharefs_impl", &error)) == NULL)) { 5078 return (SET_ERROR(ENOSYS)); 5079 } 5080 return (0); 5081} 5082#endif /* illumos */ 5083 5084static int 5085zfs_ioc_share(zfs_cmd_t *zc) 5086{ 5087#ifdef illumos 5088 int error; 5089 int opcode; 5090 5091 switch (zc->zc_share.z_sharetype) { 5092 case ZFS_SHARE_NFS: 5093 case ZFS_UNSHARE_NFS: 5094 if (zfs_nfsshare_inited == 0) { 5095 mutex_enter(&zfs_share_lock); 5096 if (nfs_mod == NULL && ((nfs_mod = ddi_modopen("fs/nfs", 5097 KRTLD_MODE_FIRST, &error)) == NULL)) { 5098 mutex_exit(&zfs_share_lock); 5099 return (SET_ERROR(ENOSYS)); 5100 } 5101 if (znfsexport_fs == NULL && 5102 ((znfsexport_fs = (int (*)(void *)) 5103 ddi_modsym(nfs_mod, 5104 "nfs_export", &error)) == NULL)) { 5105 mutex_exit(&zfs_share_lock); 5106 return (SET_ERROR(ENOSYS)); 5107 } 5108 error = zfs_init_sharefs(); 5109 if (error != 0) { 5110 mutex_exit(&zfs_share_lock); 5111 return (SET_ERROR(ENOSYS)); 5112 } 5113 zfs_nfsshare_inited = 1; 5114 mutex_exit(&zfs_share_lock); 5115 } 5116 break; 5117 case ZFS_SHARE_SMB: 5118 case ZFS_UNSHARE_SMB: 5119 if (zfs_smbshare_inited == 0) { 5120 mutex_enter(&zfs_share_lock); 5121 if (smbsrv_mod == NULL && ((smbsrv_mod = 5122 ddi_modopen("drv/smbsrv", 5123 KRTLD_MODE_FIRST, &error)) == NULL)) { 5124 mutex_exit(&zfs_share_lock); 5125 return (SET_ERROR(ENOSYS)); 5126 } 5127 if (zsmbexport_fs == NULL && ((zsmbexport_fs = 5128 (int (*)(void *, boolean_t))ddi_modsym(smbsrv_mod, 5129 "smb_server_share", &error)) == NULL)) { 5130 mutex_exit(&zfs_share_lock); 5131 return (SET_ERROR(ENOSYS)); 5132 } 5133 error = zfs_init_sharefs(); 5134 if (error != 0) { 5135 mutex_exit(&zfs_share_lock); 5136 return (SET_ERROR(ENOSYS)); 5137 } 5138 zfs_smbshare_inited = 1; 5139 mutex_exit(&zfs_share_lock); 5140 } 5141 break; 5142 default: 5143 return (SET_ERROR(EINVAL)); 5144 } 5145 5146 switch (zc->zc_share.z_sharetype) { 5147 case ZFS_SHARE_NFS: 5148 case ZFS_UNSHARE_NFS: 5149 if (error = 5150 znfsexport_fs((void *) 5151 (uintptr_t)zc->zc_share.z_exportdata)) 5152 return (error); 5153 break; 5154 case ZFS_SHARE_SMB: 5155 case ZFS_UNSHARE_SMB: 5156 if (error = zsmbexport_fs((void *) 5157 (uintptr_t)zc->zc_share.z_exportdata, 5158 zc->zc_share.z_sharetype == ZFS_SHARE_SMB ? 5159 B_TRUE: B_FALSE)) { 5160 return (error); 5161 } 5162 break; 5163 } 5164 5165 opcode = (zc->zc_share.z_sharetype == ZFS_SHARE_NFS || 5166 zc->zc_share.z_sharetype == ZFS_SHARE_SMB) ? 5167 SHAREFS_ADD : SHAREFS_REMOVE; 5168 5169 /* 5170 * Add or remove share from sharetab 5171 */ 5172 error = zshare_fs(opcode, 5173 (void *)(uintptr_t)zc->zc_share.z_sharedata, 5174 zc->zc_share.z_sharemax); 5175 5176 return (error); 5177 5178#else /* !illumos */ 5179 return (ENOSYS); 5180#endif /* illumos */ 5181} 5182 5183ace_t full_access[] = { 5184 {(uid_t)-1, ACE_ALL_PERMS, ACE_EVERYONE, 0} 5185}; 5186 5187/* 5188 * inputs: 5189 * zc_name name of containing filesystem 5190 * zc_obj object # beyond which we want next in-use object # 5191 * 5192 * outputs: 5193 * zc_obj next in-use object # 5194 */ 5195static int 5196zfs_ioc_next_obj(zfs_cmd_t *zc) 5197{ 5198 objset_t *os = NULL; 5199 int error; 5200 5201 error = dmu_objset_hold(zc->zc_name, FTAG, &os); 5202 if (error != 0) 5203 return (error); 5204 5205 error = dmu_object_next(os, &zc->zc_obj, B_FALSE, 5206 dsl_dataset_phys(os->os_dsl_dataset)->ds_prev_snap_txg); 5207 5208 dmu_objset_rele(os, FTAG); 5209 return (error); 5210} 5211 5212/* 5213 * inputs: 5214 * zc_name name of filesystem 5215 * zc_value prefix name for snapshot 5216 * zc_cleanup_fd cleanup-on-exit file descriptor for calling process 5217 * 5218 * outputs: 5219 * zc_value short name of new snapshot 5220 */ 5221static int 5222zfs_ioc_tmp_snapshot(zfs_cmd_t *zc) 5223{ 5224 char *snap_name; 5225 char *hold_name; 5226 int error; 5227 minor_t minor; 5228 5229 error = zfs_onexit_fd_hold(zc->zc_cleanup_fd, &minor); 5230 if (error != 0) 5231 return (error); 5232 5233 snap_name = kmem_asprintf("%s-%016llx", zc->zc_value, 5234 (u_longlong_t)ddi_get_lbolt64()); 5235 hold_name = kmem_asprintf("%%%s", zc->zc_value); 5236 5237 error = dsl_dataset_snapshot_tmp(zc->zc_name, snap_name, minor, 5238 hold_name); 5239 if (error == 0) 5240 (void) strcpy(zc->zc_value, snap_name); 5241 strfree(snap_name); 5242 strfree(hold_name); 5243 zfs_onexit_fd_rele(zc->zc_cleanup_fd); 5244 return (error); 5245} 5246 5247/* 5248 * inputs: 5249 * zc_name name of "to" snapshot 5250 * zc_value name of "from" snapshot 5251 * zc_cookie file descriptor to write diff data on 5252 * 5253 * outputs: 5254 * dmu_diff_record_t's to the file descriptor 5255 */ 5256static int 5257zfs_ioc_diff(zfs_cmd_t *zc) 5258{ 5259 file_t *fp; 5260 cap_rights_t rights; 5261 offset_t off; 5262 int error; 5263 5264#ifdef illumos 5265 fp = getf(zc->zc_cookie); 5266#else 5267 fget_write(curthread, zc->zc_cookie, 5268 cap_rights_init(&rights, CAP_WRITE), &fp); 5269#endif 5270 if (fp == NULL) 5271 return (SET_ERROR(EBADF)); 5272 5273 off = fp->f_offset; 5274 5275#ifdef illumos 5276 error = dmu_diff(zc->zc_name, zc->zc_value, fp->f_vnode, &off); 5277#else 5278 error = dmu_diff(zc->zc_name, zc->zc_value, fp, &off); 5279#endif 5280 5281 if (off >= 0 && off <= MAXOFFSET_T) 5282 fp->f_offset = off; 5283 releasef(zc->zc_cookie); 5284 5285 return (error); 5286} 5287 5288#ifdef illumos 5289/* 5290 * Remove all ACL files in shares dir 5291 */ 5292static int 5293zfs_smb_acl_purge(znode_t *dzp) 5294{ 5295 zap_cursor_t zc; 5296 zap_attribute_t zap; 5297 zfsvfs_t *zfsvfs = dzp->z_zfsvfs; 5298 int error; 5299 5300 for (zap_cursor_init(&zc, zfsvfs->z_os, dzp->z_id); 5301 (error = zap_cursor_retrieve(&zc, &zap)) == 0; 5302 zap_cursor_advance(&zc)) { 5303 if ((error = VOP_REMOVE(ZTOV(dzp), zap.za_name, kcred, 5304 NULL, 0)) != 0) 5305 break; 5306 } 5307 zap_cursor_fini(&zc); 5308 return (error); 5309} 5310#endif /* illumos */ 5311 5312static int 5313zfs_ioc_smb_acl(zfs_cmd_t *zc) 5314{ 5315#ifdef illumos 5316 vnode_t *vp; 5317 znode_t *dzp; 5318 vnode_t *resourcevp = NULL; 5319 znode_t *sharedir; 5320 zfsvfs_t *zfsvfs; 5321 nvlist_t *nvlist; 5322 char *src, *target; 5323 vattr_t vattr; 5324 vsecattr_t vsec; 5325 int error = 0; 5326 5327 if ((error = lookupname(zc->zc_value, UIO_SYSSPACE, 5328 NO_FOLLOW, NULL, &vp)) != 0) 5329 return (error); 5330 5331 /* Now make sure mntpnt and dataset are ZFS */ 5332 5333 if (strcmp(vp->v_vfsp->mnt_stat.f_fstypename, "zfs") != 0 || 5334 (strcmp((char *)refstr_value(vp->v_vfsp->vfs_resource), 5335 zc->zc_name) != 0)) { 5336 VN_RELE(vp); 5337 return (SET_ERROR(EINVAL)); 5338 } 5339 5340 dzp = VTOZ(vp); 5341 zfsvfs = dzp->z_zfsvfs; 5342 ZFS_ENTER(zfsvfs); 5343 5344 /* 5345 * Create share dir if its missing. 5346 */ 5347 mutex_enter(&zfsvfs->z_lock); 5348 if (zfsvfs->z_shares_dir == 0) { 5349 dmu_tx_t *tx; 5350 5351 tx = dmu_tx_create(zfsvfs->z_os); 5352 dmu_tx_hold_zap(tx, MASTER_NODE_OBJ, TRUE, 5353 ZFS_SHARES_DIR); 5354 dmu_tx_hold_zap(tx, DMU_NEW_OBJECT, FALSE, NULL); 5355 error = dmu_tx_assign(tx, TXG_WAIT); 5356 if (error != 0) { 5357 dmu_tx_abort(tx); 5358 } else { 5359 error = zfs_create_share_dir(zfsvfs, tx); 5360 dmu_tx_commit(tx); 5361 } 5362 if (error != 0) { 5363 mutex_exit(&zfsvfs->z_lock); 5364 VN_RELE(vp); 5365 ZFS_EXIT(zfsvfs); 5366 return (error); 5367 } 5368 } 5369 mutex_exit(&zfsvfs->z_lock); 5370 5371 ASSERT(zfsvfs->z_shares_dir); 5372 if ((error = zfs_zget(zfsvfs, zfsvfs->z_shares_dir, &sharedir)) != 0) { 5373 VN_RELE(vp); 5374 ZFS_EXIT(zfsvfs); 5375 return (error); 5376 } 5377 5378 switch (zc->zc_cookie) { 5379 case ZFS_SMB_ACL_ADD: 5380 vattr.va_mask = AT_MODE|AT_UID|AT_GID|AT_TYPE; 5381 vattr.va_type = VREG; 5382 vattr.va_mode = S_IFREG|0777; 5383 vattr.va_uid = 0; 5384 vattr.va_gid = 0; 5385 5386 vsec.vsa_mask = VSA_ACE; 5387 vsec.vsa_aclentp = &full_access; 5388 vsec.vsa_aclentsz = sizeof (full_access); 5389 vsec.vsa_aclcnt = 1; 5390 5391 error = VOP_CREATE(ZTOV(sharedir), zc->zc_string, 5392 &vattr, EXCL, 0, &resourcevp, kcred, 0, NULL, &vsec); 5393 if (resourcevp) 5394 VN_RELE(resourcevp); 5395 break; 5396 5397 case ZFS_SMB_ACL_REMOVE: 5398 error = VOP_REMOVE(ZTOV(sharedir), zc->zc_string, kcred, 5399 NULL, 0); 5400 break; 5401 5402 case ZFS_SMB_ACL_RENAME: 5403 if ((error = get_nvlist(zc->zc_nvlist_src, 5404 zc->zc_nvlist_src_size, zc->zc_iflags, &nvlist)) != 0) { 5405 VN_RELE(vp); 5406 VN_RELE(ZTOV(sharedir)); 5407 ZFS_EXIT(zfsvfs); 5408 return (error); 5409 } 5410 if (nvlist_lookup_string(nvlist, ZFS_SMB_ACL_SRC, &src) || 5411 nvlist_lookup_string(nvlist, ZFS_SMB_ACL_TARGET, 5412 &target)) { 5413 VN_RELE(vp); 5414 VN_RELE(ZTOV(sharedir)); 5415 ZFS_EXIT(zfsvfs); 5416 nvlist_free(nvlist); 5417 return (error); 5418 } 5419 error = VOP_RENAME(ZTOV(sharedir), src, ZTOV(sharedir), target, 5420 kcred, NULL, 0); 5421 nvlist_free(nvlist); 5422 break; 5423 5424 case ZFS_SMB_ACL_PURGE: 5425 error = zfs_smb_acl_purge(sharedir); 5426 break; 5427 5428 default: 5429 error = SET_ERROR(EINVAL); 5430 break; 5431 } 5432 5433 VN_RELE(vp); 5434 VN_RELE(ZTOV(sharedir)); 5435 5436 ZFS_EXIT(zfsvfs); 5437 5438 return (error); 5439#else /* !illumos */ 5440 return (EOPNOTSUPP); 5441#endif /* illumos */ 5442} 5443 5444/* 5445 * innvl: { 5446 * "holds" -> { snapname -> holdname (string), ... } 5447 * (optional) "cleanup_fd" -> fd (int32) 5448 * } 5449 * 5450 * outnvl: { 5451 * snapname -> error value (int32) 5452 * ... 5453 * } 5454 */ 5455/* ARGSUSED */ 5456static int 5457zfs_ioc_hold(const char *pool, nvlist_t *args, nvlist_t *errlist) 5458{ 5459 nvpair_t *pair; 5460 nvlist_t *holds; 5461 int cleanup_fd = -1; 5462 int error; 5463 minor_t minor = 0; 5464 5465 error = nvlist_lookup_nvlist(args, "holds", &holds); 5466 if (error != 0) 5467 return (SET_ERROR(EINVAL)); 5468 5469 /* make sure the user didn't pass us any invalid (empty) tags */ 5470 for (pair = nvlist_next_nvpair(holds, NULL); pair != NULL; 5471 pair = nvlist_next_nvpair(holds, pair)) { 5472 char *htag; 5473 5474 error = nvpair_value_string(pair, &htag); 5475 if (error != 0) 5476 return (SET_ERROR(error)); 5477 5478 if (strlen(htag) == 0) 5479 return (SET_ERROR(EINVAL)); 5480 } 5481 5482 if (nvlist_lookup_int32(args, "cleanup_fd", &cleanup_fd) == 0) { 5483 error = zfs_onexit_fd_hold(cleanup_fd, &minor); 5484 if (error != 0) 5485 return (error); 5486 } 5487 5488 error = dsl_dataset_user_hold(holds, minor, errlist); 5489 if (minor != 0) 5490 zfs_onexit_fd_rele(cleanup_fd); 5491 return (error); 5492} 5493 5494/* 5495 * innvl is not used. 5496 * 5497 * outnvl: { 5498 * holdname -> time added (uint64 seconds since epoch) 5499 * ... 5500 * } 5501 */ 5502/* ARGSUSED */ 5503static int 5504zfs_ioc_get_holds(const char *snapname, nvlist_t *args, nvlist_t *outnvl) 5505{ 5506 return (dsl_dataset_get_holds(snapname, outnvl)); 5507} 5508 5509/* 5510 * innvl: { 5511 * snapname -> { holdname, ... } 5512 * ... 5513 * } 5514 * 5515 * outnvl: { 5516 * snapname -> error value (int32) 5517 * ... 5518 * } 5519 */ 5520/* ARGSUSED */ 5521static int 5522zfs_ioc_release(const char *pool, nvlist_t *holds, nvlist_t *errlist) 5523{ 5524 return (dsl_dataset_user_release(holds, errlist)); 5525} 5526 5527/* 5528 * inputs: 5529 * zc_name name of new filesystem or snapshot 5530 * zc_value full name of old snapshot 5531 * 5532 * outputs: 5533 * zc_cookie space in bytes 5534 * zc_objset_type compressed space in bytes 5535 * zc_perm_action uncompressed space in bytes 5536 */ 5537static int 5538zfs_ioc_space_written(zfs_cmd_t *zc) 5539{ 5540 int error; 5541 dsl_pool_t *dp; 5542 dsl_dataset_t *new, *old; 5543 5544 error = dsl_pool_hold(zc->zc_name, FTAG, &dp); 5545 if (error != 0) 5546 return (error); 5547 error = dsl_dataset_hold(dp, zc->zc_name, FTAG, &new); 5548 if (error != 0) { 5549 dsl_pool_rele(dp, FTAG); 5550 return (error); 5551 } 5552 error = dsl_dataset_hold(dp, zc->zc_value, FTAG, &old); 5553 if (error != 0) { 5554 dsl_dataset_rele(new, FTAG); 5555 dsl_pool_rele(dp, FTAG); 5556 return (error); 5557 } 5558 5559 error = dsl_dataset_space_written(old, new, &zc->zc_cookie, 5560 &zc->zc_objset_type, &zc->zc_perm_action); 5561 dsl_dataset_rele(old, FTAG); 5562 dsl_dataset_rele(new, FTAG); 5563 dsl_pool_rele(dp, FTAG); 5564 return (error); 5565} 5566 5567/* 5568 * innvl: { 5569 * "firstsnap" -> snapshot name 5570 * } 5571 * 5572 * outnvl: { 5573 * "used" -> space in bytes 5574 * "compressed" -> compressed space in bytes 5575 * "uncompressed" -> uncompressed space in bytes 5576 * } 5577 */ 5578static int 5579zfs_ioc_space_snaps(const char *lastsnap, nvlist_t *innvl, nvlist_t *outnvl) 5580{ 5581 int error; 5582 dsl_pool_t *dp; 5583 dsl_dataset_t *new, *old; 5584 char *firstsnap; 5585 uint64_t used, comp, uncomp; 5586 5587 if (nvlist_lookup_string(innvl, "firstsnap", &firstsnap) != 0) 5588 return (SET_ERROR(EINVAL)); 5589 5590 error = dsl_pool_hold(lastsnap, FTAG, &dp); 5591 if (error != 0) 5592 return (error); 5593 5594 error = dsl_dataset_hold(dp, lastsnap, FTAG, &new); 5595 if (error == 0 && !new->ds_is_snapshot) { 5596 dsl_dataset_rele(new, FTAG); 5597 error = SET_ERROR(EINVAL); 5598 } 5599 if (error != 0) { 5600 dsl_pool_rele(dp, FTAG); 5601 return (error); 5602 } 5603 error = dsl_dataset_hold(dp, firstsnap, FTAG, &old); 5604 if (error == 0 && !old->ds_is_snapshot) { 5605 dsl_dataset_rele(old, FTAG); 5606 error = SET_ERROR(EINVAL); 5607 } 5608 if (error != 0) { 5609 dsl_dataset_rele(new, FTAG); 5610 dsl_pool_rele(dp, FTAG); 5611 return (error); 5612 } 5613 5614 error = dsl_dataset_space_wouldfree(old, new, &used, &comp, &uncomp); 5615 dsl_dataset_rele(old, FTAG); 5616 dsl_dataset_rele(new, FTAG); 5617 dsl_pool_rele(dp, FTAG); 5618 fnvlist_add_uint64(outnvl, "used", used); 5619 fnvlist_add_uint64(outnvl, "compressed", comp); 5620 fnvlist_add_uint64(outnvl, "uncompressed", uncomp); 5621 return (error); 5622} 5623 5624static int 5625zfs_ioc_jail(zfs_cmd_t *zc) 5626{ 5627 5628 return (zone_dataset_attach(curthread->td_ucred, zc->zc_name, 5629 (int)zc->zc_jailid)); 5630} 5631 5632static int 5633zfs_ioc_unjail(zfs_cmd_t *zc) 5634{ 5635 5636 return (zone_dataset_detach(curthread->td_ucred, zc->zc_name, 5637 (int)zc->zc_jailid)); 5638} 5639 5640/* 5641 * innvl: { 5642 * "fd" -> file descriptor to write stream to (int32) 5643 * (optional) "fromsnap" -> full snap name to send an incremental from 5644 * (optional) "largeblockok" -> (value ignored) 5645 * indicates that blocks > 128KB are permitted 5646 * (optional) "embedok" -> (value ignored) 5647 * presence indicates DRR_WRITE_EMBEDDED records are permitted 5648 * (optional) "resume_object" and "resume_offset" -> (uint64) 5649 * if present, resume send stream from specified object and offset. 5650 * } 5651 * 5652 * outnvl is unused 5653 */ 5654/* ARGSUSED */ 5655static int 5656zfs_ioc_send_new(const char *snapname, nvlist_t *innvl, nvlist_t *outnvl) 5657{ 5658 cap_rights_t rights; 5659 file_t *fp; 5660 int error; 5661 offset_t off; 5662 char *fromname = NULL; 5663 int fd; 5664 boolean_t largeblockok; 5665 boolean_t embedok; 5666 uint64_t resumeobj = 0; 5667 uint64_t resumeoff = 0; 5668 5669 error = nvlist_lookup_int32(innvl, "fd", &fd); 5670 if (error != 0) 5671 return (SET_ERROR(EINVAL)); 5672 5673 (void) nvlist_lookup_string(innvl, "fromsnap", &fromname); 5674 5675 largeblockok = nvlist_exists(innvl, "largeblockok"); 5676 embedok = nvlist_exists(innvl, "embedok"); 5677 5678 (void) nvlist_lookup_uint64(innvl, "resume_object", &resumeobj); 5679 (void) nvlist_lookup_uint64(innvl, "resume_offset", &resumeoff); 5680 5681#ifdef illumos 5682 file_t *fp = getf(fd); 5683#else 5684 fget_write(curthread, fd, cap_rights_init(&rights, CAP_WRITE), &fp); 5685#endif 5686 if (fp == NULL) 5687 return (SET_ERROR(EBADF)); 5688 5689 off = fp->f_offset; 5690 error = dmu_send(snapname, fromname, embedok, largeblockok, fd, 5691#ifdef illumos 5692 resumeobj, resumeoff, fp->f_vnode, &off); 5693#else 5694 resumeobj, resumeoff, fp, &off); 5695#endif 5696 5697#ifdef illumos 5698 if (VOP_SEEK(fp->f_vnode, fp->f_offset, &off, NULL) == 0) 5699 fp->f_offset = off; 5700#else 5701 fp->f_offset = off; 5702#endif 5703 5704 releasef(fd); 5705 return (error); 5706} 5707 5708/* 5709 * Determine approximately how large a zfs send stream will be -- the number 5710 * of bytes that will be written to the fd supplied to zfs_ioc_send_new(). 5711 * 5712 * innvl: { 5713 * (optional) "from" -> full snap or bookmark name to send an incremental 5714 * from 5715 * } 5716 * 5717 * outnvl: { 5718 * "space" -> bytes of space (uint64) 5719 * } 5720 */ 5721static int 5722zfs_ioc_send_space(const char *snapname, nvlist_t *innvl, nvlist_t *outnvl) 5723{ 5724 dsl_pool_t *dp; 5725 dsl_dataset_t *tosnap; 5726 int error; 5727 char *fromname; 5728 uint64_t space; 5729 5730 error = dsl_pool_hold(snapname, FTAG, &dp); 5731 if (error != 0) 5732 return (error); 5733 5734 error = dsl_dataset_hold(dp, snapname, FTAG, &tosnap); 5735 if (error != 0) { 5736 dsl_pool_rele(dp, FTAG); 5737 return (error); 5738 } 5739 5740 error = nvlist_lookup_string(innvl, "from", &fromname); 5741 if (error == 0) { 5742 if (strchr(fromname, '@') != NULL) { 5743 /* 5744 * If from is a snapshot, hold it and use the more 5745 * efficient dmu_send_estimate to estimate send space 5746 * size using deadlists. 5747 */ 5748 dsl_dataset_t *fromsnap; 5749 error = dsl_dataset_hold(dp, fromname, FTAG, &fromsnap); 5750 if (error != 0) 5751 goto out; 5752 error = dmu_send_estimate(tosnap, fromsnap, &space); 5753 dsl_dataset_rele(fromsnap, FTAG); 5754 } else if (strchr(fromname, '#') != NULL) { 5755 /* 5756 * If from is a bookmark, fetch the creation TXG of the 5757 * snapshot it was created from and use that to find 5758 * blocks that were born after it. 5759 */ 5760 zfs_bookmark_phys_t frombm; 5761 5762 error = dsl_bookmark_lookup(dp, fromname, tosnap, 5763 &frombm); 5764 if (error != 0) 5765 goto out; 5766 error = dmu_send_estimate_from_txg(tosnap, 5767 frombm.zbm_creation_txg, &space); 5768 } else { 5769 /* 5770 * from is not properly formatted as a snapshot or 5771 * bookmark 5772 */ 5773 error = SET_ERROR(EINVAL); 5774 goto out; 5775 } 5776 } else { 5777 // If estimating the size of a full send, use dmu_send_estimate 5778 error = dmu_send_estimate(tosnap, NULL, &space); 5779 } 5780 5781 fnvlist_add_uint64(outnvl, "space", space); 5782 5783out: 5784 dsl_dataset_rele(tosnap, FTAG); 5785 dsl_pool_rele(dp, FTAG); 5786 return (error); 5787} 5788 5789static zfs_ioc_vec_t zfs_ioc_vec[ZFS_IOC_LAST - ZFS_IOC_FIRST]; 5790 5791static void 5792zfs_ioctl_register_legacy(zfs_ioc_t ioc, zfs_ioc_legacy_func_t *func, 5793 zfs_secpolicy_func_t *secpolicy, zfs_ioc_namecheck_t namecheck, 5794 boolean_t log_history, zfs_ioc_poolcheck_t pool_check) 5795{ 5796 zfs_ioc_vec_t *vec = &zfs_ioc_vec[ioc - ZFS_IOC_FIRST]; 5797 5798 ASSERT3U(ioc, >=, ZFS_IOC_FIRST); 5799 ASSERT3U(ioc, <, ZFS_IOC_LAST); 5800 ASSERT3P(vec->zvec_legacy_func, ==, NULL); 5801 ASSERT3P(vec->zvec_func, ==, NULL); 5802 5803 vec->zvec_legacy_func = func; 5804 vec->zvec_secpolicy = secpolicy; 5805 vec->zvec_namecheck = namecheck; 5806 vec->zvec_allow_log = log_history; 5807 vec->zvec_pool_check = pool_check; 5808} 5809 5810/* 5811 * See the block comment at the beginning of this file for details on 5812 * each argument to this function. 5813 */ 5814static void 5815zfs_ioctl_register(const char *name, zfs_ioc_t ioc, zfs_ioc_func_t *func, 5816 zfs_secpolicy_func_t *secpolicy, zfs_ioc_namecheck_t namecheck, 5817 zfs_ioc_poolcheck_t pool_check, boolean_t smush_outnvlist, 5818 boolean_t allow_log) 5819{ 5820 zfs_ioc_vec_t *vec = &zfs_ioc_vec[ioc - ZFS_IOC_FIRST]; 5821 5822 ASSERT3U(ioc, >=, ZFS_IOC_FIRST); 5823 ASSERT3U(ioc, <, ZFS_IOC_LAST); 5824 ASSERT3P(vec->zvec_legacy_func, ==, NULL); 5825 ASSERT3P(vec->zvec_func, ==, NULL); 5826 5827 /* if we are logging, the name must be valid */ 5828 ASSERT(!allow_log || namecheck != NO_NAME); 5829 5830 vec->zvec_name = name; 5831 vec->zvec_func = func; 5832 vec->zvec_secpolicy = secpolicy; 5833 vec->zvec_namecheck = namecheck; 5834 vec->zvec_pool_check = pool_check; 5835 vec->zvec_smush_outnvlist = smush_outnvlist; 5836 vec->zvec_allow_log = allow_log; 5837} 5838 5839static void 5840zfs_ioctl_register_pool(zfs_ioc_t ioc, zfs_ioc_legacy_func_t *func, 5841 zfs_secpolicy_func_t *secpolicy, boolean_t log_history, 5842 zfs_ioc_poolcheck_t pool_check) 5843{ 5844 zfs_ioctl_register_legacy(ioc, func, secpolicy, 5845 POOL_NAME, log_history, pool_check); 5846} 5847 5848static void 5849zfs_ioctl_register_dataset_nolog(zfs_ioc_t ioc, zfs_ioc_legacy_func_t *func, 5850 zfs_secpolicy_func_t *secpolicy, zfs_ioc_poolcheck_t pool_check) 5851{ 5852 zfs_ioctl_register_legacy(ioc, func, secpolicy, 5853 DATASET_NAME, B_FALSE, pool_check); 5854} 5855 5856static void 5857zfs_ioctl_register_pool_modify(zfs_ioc_t ioc, zfs_ioc_legacy_func_t *func) 5858{ 5859 zfs_ioctl_register_legacy(ioc, func, zfs_secpolicy_config, 5860 POOL_NAME, B_TRUE, POOL_CHECK_SUSPENDED | POOL_CHECK_READONLY); 5861} 5862 5863static void 5864zfs_ioctl_register_pool_meta(zfs_ioc_t ioc, zfs_ioc_legacy_func_t *func, 5865 zfs_secpolicy_func_t *secpolicy) 5866{ 5867 zfs_ioctl_register_legacy(ioc, func, secpolicy, 5868 NO_NAME, B_FALSE, POOL_CHECK_NONE); 5869} 5870 5871static void 5872zfs_ioctl_register_dataset_read_secpolicy(zfs_ioc_t ioc, 5873 zfs_ioc_legacy_func_t *func, zfs_secpolicy_func_t *secpolicy) 5874{ 5875 zfs_ioctl_register_legacy(ioc, func, secpolicy, 5876 DATASET_NAME, B_FALSE, POOL_CHECK_SUSPENDED); 5877} 5878 5879static void 5880zfs_ioctl_register_dataset_read(zfs_ioc_t ioc, zfs_ioc_legacy_func_t *func) 5881{ 5882 zfs_ioctl_register_dataset_read_secpolicy(ioc, func, 5883 zfs_secpolicy_read); 5884} 5885 5886static void 5887zfs_ioctl_register_dataset_modify(zfs_ioc_t ioc, zfs_ioc_legacy_func_t *func, 5888 zfs_secpolicy_func_t *secpolicy) 5889{ 5890 zfs_ioctl_register_legacy(ioc, func, secpolicy, 5891 DATASET_NAME, B_TRUE, POOL_CHECK_SUSPENDED | POOL_CHECK_READONLY); 5892} 5893 5894static void 5895zfs_ioctl_init(void) 5896{ 5897 zfs_ioctl_register("snapshot", ZFS_IOC_SNAPSHOT, 5898 zfs_ioc_snapshot, zfs_secpolicy_snapshot, POOL_NAME, 5899 POOL_CHECK_SUSPENDED | POOL_CHECK_READONLY, B_TRUE, B_TRUE); 5900 5901 zfs_ioctl_register("log_history", ZFS_IOC_LOG_HISTORY, 5902 zfs_ioc_log_history, zfs_secpolicy_log_history, NO_NAME, 5903 POOL_CHECK_SUSPENDED | POOL_CHECK_READONLY, B_FALSE, B_FALSE); 5904 5905 zfs_ioctl_register("space_snaps", ZFS_IOC_SPACE_SNAPS, 5906 zfs_ioc_space_snaps, zfs_secpolicy_read, DATASET_NAME, 5907 POOL_CHECK_SUSPENDED, B_FALSE, B_FALSE); 5908 5909 zfs_ioctl_register("send", ZFS_IOC_SEND_NEW, 5910 zfs_ioc_send_new, zfs_secpolicy_send_new, DATASET_NAME, 5911 POOL_CHECK_SUSPENDED, B_FALSE, B_FALSE); 5912 5913 zfs_ioctl_register("send_space", ZFS_IOC_SEND_SPACE, 5914 zfs_ioc_send_space, zfs_secpolicy_read, DATASET_NAME, 5915 POOL_CHECK_SUSPENDED, B_FALSE, B_FALSE); 5916 5917 zfs_ioctl_register("create", ZFS_IOC_CREATE, 5918 zfs_ioc_create, zfs_secpolicy_create_clone, DATASET_NAME, 5919 POOL_CHECK_SUSPENDED | POOL_CHECK_READONLY, B_TRUE, B_TRUE); 5920 5921 zfs_ioctl_register("clone", ZFS_IOC_CLONE, 5922 zfs_ioc_clone, zfs_secpolicy_create_clone, DATASET_NAME, 5923 POOL_CHECK_SUSPENDED | POOL_CHECK_READONLY, B_TRUE, B_TRUE); 5924 5925 zfs_ioctl_register("destroy_snaps", ZFS_IOC_DESTROY_SNAPS, 5926 zfs_ioc_destroy_snaps, zfs_secpolicy_destroy_snaps, POOL_NAME, 5927 POOL_CHECK_SUSPENDED | POOL_CHECK_READONLY, B_TRUE, B_TRUE); 5928 5929 zfs_ioctl_register("hold", ZFS_IOC_HOLD, 5930 zfs_ioc_hold, zfs_secpolicy_hold, POOL_NAME, 5931 POOL_CHECK_SUSPENDED | POOL_CHECK_READONLY, B_TRUE, B_TRUE); 5932 zfs_ioctl_register("release", ZFS_IOC_RELEASE, 5933 zfs_ioc_release, zfs_secpolicy_release, POOL_NAME, 5934 POOL_CHECK_SUSPENDED | POOL_CHECK_READONLY, B_TRUE, B_TRUE); 5935 5936 zfs_ioctl_register("get_holds", ZFS_IOC_GET_HOLDS, 5937 zfs_ioc_get_holds, zfs_secpolicy_read, DATASET_NAME, 5938 POOL_CHECK_SUSPENDED, B_FALSE, B_FALSE); 5939 5940 zfs_ioctl_register("rollback", ZFS_IOC_ROLLBACK, 5941 zfs_ioc_rollback, zfs_secpolicy_rollback, DATASET_NAME, 5942 POOL_CHECK_SUSPENDED | POOL_CHECK_READONLY, B_FALSE, B_TRUE); 5943 5944 zfs_ioctl_register("bookmark", ZFS_IOC_BOOKMARK, 5945 zfs_ioc_bookmark, zfs_secpolicy_bookmark, POOL_NAME, 5946 POOL_CHECK_SUSPENDED | POOL_CHECK_READONLY, B_TRUE, B_TRUE); 5947 5948 zfs_ioctl_register("get_bookmarks", ZFS_IOC_GET_BOOKMARKS, 5949 zfs_ioc_get_bookmarks, zfs_secpolicy_read, DATASET_NAME, 5950 POOL_CHECK_SUSPENDED, B_FALSE, B_FALSE); 5951 5952 zfs_ioctl_register("destroy_bookmarks", ZFS_IOC_DESTROY_BOOKMARKS, 5953 zfs_ioc_destroy_bookmarks, zfs_secpolicy_destroy_bookmarks, 5954 POOL_NAME, 5955 POOL_CHECK_SUSPENDED | POOL_CHECK_READONLY, B_TRUE, B_TRUE); 5956 5957 /* IOCTLS that use the legacy function signature */ 5958 5959 zfs_ioctl_register_legacy(ZFS_IOC_POOL_FREEZE, zfs_ioc_pool_freeze, 5960 zfs_secpolicy_config, NO_NAME, B_FALSE, POOL_CHECK_READONLY); 5961 5962 zfs_ioctl_register_pool(ZFS_IOC_POOL_CREATE, zfs_ioc_pool_create, 5963 zfs_secpolicy_config, B_TRUE, POOL_CHECK_NONE); 5964 zfs_ioctl_register_pool_modify(ZFS_IOC_POOL_SCAN, 5965 zfs_ioc_pool_scan); 5966 zfs_ioctl_register_pool_modify(ZFS_IOC_POOL_UPGRADE, 5967 zfs_ioc_pool_upgrade); 5968 zfs_ioctl_register_pool_modify(ZFS_IOC_VDEV_ADD, 5969 zfs_ioc_vdev_add); 5970 zfs_ioctl_register_pool_modify(ZFS_IOC_VDEV_REMOVE, 5971 zfs_ioc_vdev_remove); 5972 zfs_ioctl_register_pool_modify(ZFS_IOC_VDEV_SET_STATE, 5973 zfs_ioc_vdev_set_state); 5974 zfs_ioctl_register_pool_modify(ZFS_IOC_VDEV_ATTACH, 5975 zfs_ioc_vdev_attach); 5976 zfs_ioctl_register_pool_modify(ZFS_IOC_VDEV_DETACH, 5977 zfs_ioc_vdev_detach); 5978 zfs_ioctl_register_pool_modify(ZFS_IOC_VDEV_SETPATH, 5979 zfs_ioc_vdev_setpath); 5980 zfs_ioctl_register_pool_modify(ZFS_IOC_VDEV_SETFRU, 5981 zfs_ioc_vdev_setfru); 5982 zfs_ioctl_register_pool_modify(ZFS_IOC_POOL_SET_PROPS, 5983 zfs_ioc_pool_set_props); 5984 zfs_ioctl_register_pool_modify(ZFS_IOC_VDEV_SPLIT, 5985 zfs_ioc_vdev_split); 5986 zfs_ioctl_register_pool_modify(ZFS_IOC_POOL_REGUID, 5987 zfs_ioc_pool_reguid); 5988 5989 zfs_ioctl_register_pool_meta(ZFS_IOC_POOL_CONFIGS, 5990 zfs_ioc_pool_configs, zfs_secpolicy_none); 5991 zfs_ioctl_register_pool_meta(ZFS_IOC_POOL_TRYIMPORT, 5992 zfs_ioc_pool_tryimport, zfs_secpolicy_config); 5993 zfs_ioctl_register_pool_meta(ZFS_IOC_INJECT_FAULT, 5994 zfs_ioc_inject_fault, zfs_secpolicy_inject); 5995 zfs_ioctl_register_pool_meta(ZFS_IOC_CLEAR_FAULT, 5996 zfs_ioc_clear_fault, zfs_secpolicy_inject); 5997 zfs_ioctl_register_pool_meta(ZFS_IOC_INJECT_LIST_NEXT, 5998 zfs_ioc_inject_list_next, zfs_secpolicy_inject); 5999 6000 /* 6001 * pool destroy, and export don't log the history as part of 6002 * zfsdev_ioctl, but rather zfs_ioc_pool_export 6003 * does the logging of those commands. 6004 */ 6005 zfs_ioctl_register_pool(ZFS_IOC_POOL_DESTROY, zfs_ioc_pool_destroy, 6006 zfs_secpolicy_config, B_FALSE, POOL_CHECK_NONE); 6007 zfs_ioctl_register_pool(ZFS_IOC_POOL_EXPORT, zfs_ioc_pool_export, 6008 zfs_secpolicy_config, B_FALSE, POOL_CHECK_NONE); 6009 6010 zfs_ioctl_register_pool(ZFS_IOC_POOL_STATS, zfs_ioc_pool_stats, 6011 zfs_secpolicy_read, B_FALSE, POOL_CHECK_NONE); 6012 zfs_ioctl_register_pool(ZFS_IOC_POOL_GET_PROPS, zfs_ioc_pool_get_props, 6013 zfs_secpolicy_read, B_FALSE, POOL_CHECK_NONE); 6014 6015 zfs_ioctl_register_pool(ZFS_IOC_ERROR_LOG, zfs_ioc_error_log, 6016 zfs_secpolicy_inject, B_FALSE, POOL_CHECK_NONE); 6017 zfs_ioctl_register_pool(ZFS_IOC_DSOBJ_TO_DSNAME, 6018 zfs_ioc_dsobj_to_dsname, 6019 zfs_secpolicy_diff, B_FALSE, POOL_CHECK_NONE); 6020 zfs_ioctl_register_pool(ZFS_IOC_POOL_GET_HISTORY, 6021 zfs_ioc_pool_get_history, 6022 zfs_secpolicy_config, B_FALSE, POOL_CHECK_SUSPENDED); 6023 6024 zfs_ioctl_register_pool(ZFS_IOC_POOL_IMPORT, zfs_ioc_pool_import, 6025 zfs_secpolicy_config, B_TRUE, POOL_CHECK_NONE); 6026 6027 zfs_ioctl_register_pool(ZFS_IOC_CLEAR, zfs_ioc_clear, 6028 zfs_secpolicy_config, B_TRUE, POOL_CHECK_NONE); 6029 zfs_ioctl_register_pool(ZFS_IOC_POOL_REOPEN, zfs_ioc_pool_reopen, 6030 zfs_secpolicy_config, B_TRUE, POOL_CHECK_SUSPENDED); 6031 6032 zfs_ioctl_register_dataset_read(ZFS_IOC_SPACE_WRITTEN, 6033 zfs_ioc_space_written); 6034 zfs_ioctl_register_dataset_read(ZFS_IOC_OBJSET_RECVD_PROPS, 6035 zfs_ioc_objset_recvd_props); 6036 zfs_ioctl_register_dataset_read(ZFS_IOC_NEXT_OBJ, 6037 zfs_ioc_next_obj); 6038 zfs_ioctl_register_dataset_read(ZFS_IOC_GET_FSACL, 6039 zfs_ioc_get_fsacl); 6040 zfs_ioctl_register_dataset_read(ZFS_IOC_OBJSET_STATS, 6041 zfs_ioc_objset_stats); 6042 zfs_ioctl_register_dataset_read(ZFS_IOC_OBJSET_ZPLPROPS, 6043 zfs_ioc_objset_zplprops); 6044 zfs_ioctl_register_dataset_read(ZFS_IOC_DATASET_LIST_NEXT, 6045 zfs_ioc_dataset_list_next); 6046 zfs_ioctl_register_dataset_read(ZFS_IOC_SNAPSHOT_LIST_NEXT, 6047 zfs_ioc_snapshot_list_next); 6048 zfs_ioctl_register_dataset_read(ZFS_IOC_SEND_PROGRESS, 6049 zfs_ioc_send_progress); 6050 6051 zfs_ioctl_register_dataset_read_secpolicy(ZFS_IOC_DIFF, 6052 zfs_ioc_diff, zfs_secpolicy_diff); 6053 zfs_ioctl_register_dataset_read_secpolicy(ZFS_IOC_OBJ_TO_STATS, 6054 zfs_ioc_obj_to_stats, zfs_secpolicy_diff); 6055 zfs_ioctl_register_dataset_read_secpolicy(ZFS_IOC_OBJ_TO_PATH, 6056 zfs_ioc_obj_to_path, zfs_secpolicy_diff); 6057 zfs_ioctl_register_dataset_read_secpolicy(ZFS_IOC_USERSPACE_ONE, 6058 zfs_ioc_userspace_one, zfs_secpolicy_userspace_one); 6059 zfs_ioctl_register_dataset_read_secpolicy(ZFS_IOC_USERSPACE_MANY, 6060 zfs_ioc_userspace_many, zfs_secpolicy_userspace_many); 6061 zfs_ioctl_register_dataset_read_secpolicy(ZFS_IOC_SEND, 6062 zfs_ioc_send, zfs_secpolicy_send); 6063 6064 zfs_ioctl_register_dataset_modify(ZFS_IOC_SET_PROP, zfs_ioc_set_prop, 6065 zfs_secpolicy_none); 6066 zfs_ioctl_register_dataset_modify(ZFS_IOC_DESTROY, zfs_ioc_destroy, 6067 zfs_secpolicy_destroy); 6068 zfs_ioctl_register_dataset_modify(ZFS_IOC_RENAME, zfs_ioc_rename, 6069 zfs_secpolicy_rename); 6070 zfs_ioctl_register_dataset_modify(ZFS_IOC_RECV, zfs_ioc_recv, 6071 zfs_secpolicy_recv); 6072 zfs_ioctl_register_dataset_modify(ZFS_IOC_PROMOTE, zfs_ioc_promote, 6073 zfs_secpolicy_promote); 6074 zfs_ioctl_register_dataset_modify(ZFS_IOC_INHERIT_PROP, 6075 zfs_ioc_inherit_prop, zfs_secpolicy_inherit_prop); 6076 zfs_ioctl_register_dataset_modify(ZFS_IOC_SET_FSACL, zfs_ioc_set_fsacl, 6077 zfs_secpolicy_set_fsacl); 6078 6079 zfs_ioctl_register_dataset_nolog(ZFS_IOC_SHARE, zfs_ioc_share, 6080 zfs_secpolicy_share, POOL_CHECK_NONE); 6081 zfs_ioctl_register_dataset_nolog(ZFS_IOC_SMB_ACL, zfs_ioc_smb_acl, 6082 zfs_secpolicy_smb_acl, POOL_CHECK_NONE); 6083 zfs_ioctl_register_dataset_nolog(ZFS_IOC_USERSPACE_UPGRADE, 6084 zfs_ioc_userspace_upgrade, zfs_secpolicy_userspace_upgrade, 6085 POOL_CHECK_SUSPENDED | POOL_CHECK_READONLY); 6086 zfs_ioctl_register_dataset_nolog(ZFS_IOC_TMP_SNAPSHOT, 6087 zfs_ioc_tmp_snapshot, zfs_secpolicy_tmp_snapshot, 6088 POOL_CHECK_SUSPENDED | POOL_CHECK_READONLY); 6089 6090#ifdef __FreeBSD__ 6091 zfs_ioctl_register_dataset_nolog(ZFS_IOC_JAIL, zfs_ioc_jail, 6092 zfs_secpolicy_config, POOL_CHECK_NONE); 6093 zfs_ioctl_register_dataset_nolog(ZFS_IOC_UNJAIL, zfs_ioc_unjail, 6094 zfs_secpolicy_config, POOL_CHECK_NONE); 6095 zfs_ioctl_register("fbsd_nextboot", ZFS_IOC_NEXTBOOT, 6096 zfs_ioc_nextboot, zfs_secpolicy_config, NO_NAME, 6097 POOL_CHECK_NONE, B_FALSE, B_FALSE); 6098#endif 6099} 6100 6101int 6102pool_status_check(const char *name, zfs_ioc_namecheck_t type, 6103 zfs_ioc_poolcheck_t check) 6104{ 6105 spa_t *spa; 6106 int error; 6107 6108 ASSERT(type == POOL_NAME || type == DATASET_NAME); 6109 6110 if (check & POOL_CHECK_NONE) 6111 return (0); 6112 6113 error = spa_open(name, &spa, FTAG); 6114 if (error == 0) { 6115 if ((check & POOL_CHECK_SUSPENDED) && spa_suspended(spa)) 6116 error = SET_ERROR(EAGAIN); 6117 else if ((check & POOL_CHECK_READONLY) && !spa_writeable(spa)) 6118 error = SET_ERROR(EROFS); 6119 spa_close(spa, FTAG); 6120 } 6121 return (error); 6122} 6123 6124/* 6125 * Find a free minor number. 6126 */ 6127minor_t 6128zfsdev_minor_alloc(void) 6129{ 6130 static minor_t last_minor; 6131 minor_t m; 6132 6133 ASSERT(MUTEX_HELD(&spa_namespace_lock)); 6134 6135 for (m = last_minor + 1; m != last_minor; m++) { 6136 if (m > ZFSDEV_MAX_MINOR) 6137 m = 1; 6138 if (ddi_get_soft_state(zfsdev_state, m) == NULL) { 6139 last_minor = m; 6140 return (m); 6141 } 6142 } 6143 6144 return (0); 6145} 6146 6147static int 6148zfs_ctldev_init(struct cdev *devp) 6149{ 6150 minor_t minor; 6151 zfs_soft_state_t *zs; 6152 6153 ASSERT(MUTEX_HELD(&spa_namespace_lock)); 6154 6155 minor = zfsdev_minor_alloc(); 6156 if (minor == 0) 6157 return (SET_ERROR(ENXIO)); 6158 6159 if (ddi_soft_state_zalloc(zfsdev_state, minor) != DDI_SUCCESS) 6160 return (SET_ERROR(EAGAIN)); 6161 6162 devfs_set_cdevpriv((void *)(uintptr_t)minor, zfsdev_close); 6163 6164 zs = ddi_get_soft_state(zfsdev_state, minor); 6165 zs->zss_type = ZSST_CTLDEV; 6166 zfs_onexit_init((zfs_onexit_t **)&zs->zss_data); 6167 6168 return (0); 6169} 6170 6171static void 6172zfs_ctldev_destroy(zfs_onexit_t *zo, minor_t minor) 6173{ 6174 ASSERT(MUTEX_HELD(&spa_namespace_lock)); 6175 6176 zfs_onexit_destroy(zo); 6177 ddi_soft_state_free(zfsdev_state, minor); 6178} 6179 6180void * 6181zfsdev_get_soft_state(minor_t minor, enum zfs_soft_state_type which) 6182{ 6183 zfs_soft_state_t *zp; 6184 6185 zp = ddi_get_soft_state(zfsdev_state, minor); 6186 if (zp == NULL || zp->zss_type != which) 6187 return (NULL); 6188 6189 return (zp->zss_data); 6190} 6191 6192static int 6193zfsdev_open(struct cdev *devp, int flag, int mode, struct thread *td) 6194{ 6195 int error = 0; 6196 6197#ifdef illumos 6198 if (getminor(*devp) != 0) 6199 return (zvol_open(devp, flag, otyp, cr)); 6200#endif 6201 6202 /* This is the control device. Allocate a new minor if requested. */ 6203 if (flag & FEXCL) { 6204 mutex_enter(&spa_namespace_lock); 6205 error = zfs_ctldev_init(devp); 6206 mutex_exit(&spa_namespace_lock); 6207 } 6208 6209 return (error); 6210} 6211 6212static void 6213zfsdev_close(void *data) 6214{ 6215 zfs_onexit_t *zo; 6216 minor_t minor = (minor_t)(uintptr_t)data; 6217 6218 if (minor == 0) 6219 return; 6220 6221 mutex_enter(&spa_namespace_lock); 6222 zo = zfsdev_get_soft_state(minor, ZSST_CTLDEV); 6223 if (zo == NULL) { 6224 mutex_exit(&spa_namespace_lock); 6225 return; 6226 } 6227 zfs_ctldev_destroy(zo, minor); 6228 mutex_exit(&spa_namespace_lock); 6229} 6230 6231static int 6232zfsdev_ioctl(struct cdev *dev, u_long zcmd, caddr_t arg, int flag, 6233 struct thread *td) 6234{ 6235 zfs_cmd_t *zc; 6236 uint_t vecnum; 6237 int error, rc, len; 6238#ifdef illumos 6239 minor_t minor = getminor(dev); 6240#else 6241 zfs_iocparm_t *zc_iocparm; 6242 int cflag, cmd, oldvecnum; 6243 boolean_t newioc, compat; 6244 void *compat_zc = NULL; 6245 cred_t *cr = td->td_ucred; 6246#endif 6247 const zfs_ioc_vec_t *vec; 6248 char *saved_poolname = NULL; 6249 nvlist_t *innvl = NULL; 6250 6251 cflag = ZFS_CMD_COMPAT_NONE; 6252 compat = B_FALSE; 6253 newioc = B_TRUE; /* "new" style (zfs_iocparm_t) ioctl */ 6254 6255 len = IOCPARM_LEN(zcmd); 6256 vecnum = cmd = zcmd & 0xff; 6257 6258 /* 6259 * Check if we are talking to supported older binaries 6260 * and translate zfs_cmd if necessary 6261 */ 6262 if (len != sizeof(zfs_iocparm_t)) { 6263 newioc = B_FALSE; 6264 compat = B_TRUE; 6265 6266 vecnum = cmd; 6267 6268 switch (len) { 6269 case sizeof(zfs_cmd_zcmd_t): 6270 cflag = ZFS_CMD_COMPAT_LZC; 6271 break; 6272 case sizeof(zfs_cmd_deadman_t): 6273 cflag = ZFS_CMD_COMPAT_DEADMAN; 6274 break; 6275 case sizeof(zfs_cmd_v28_t): 6276 cflag = ZFS_CMD_COMPAT_V28; 6277 break; 6278 case sizeof(zfs_cmd_v15_t): 6279 cflag = ZFS_CMD_COMPAT_V15; 6280 vecnum = zfs_ioctl_v15_to_v28[cmd]; 6281 6282 /* 6283 * Return without further handling 6284 * if the command is blacklisted. 6285 */ 6286 if (vecnum == ZFS_IOC_COMPAT_PASS) 6287 return (0); 6288 else if (vecnum == ZFS_IOC_COMPAT_FAIL) 6289 return (ENOTSUP); 6290 break; 6291 default: 6292 return (EINVAL); 6293 } 6294 } 6295 6296#ifdef illumos 6297 vecnum = cmd - ZFS_IOC_FIRST; 6298 ASSERT3U(getmajor(dev), ==, ddi_driver_major(zfs_dip)); 6299#endif 6300 6301 if (vecnum >= sizeof (zfs_ioc_vec) / sizeof (zfs_ioc_vec[0])) 6302 return (SET_ERROR(EINVAL)); 6303 vec = &zfs_ioc_vec[vecnum]; 6304 6305 zc = kmem_zalloc(sizeof(zfs_cmd_t), KM_SLEEP); 6306 6307#ifdef illumos 6308 error = ddi_copyin((void *)arg, zc, sizeof (zfs_cmd_t), flag); 6309 if (error != 0) { 6310 error = SET_ERROR(EFAULT); 6311 goto out; 6312 } 6313#else /* !illumos */ 6314 bzero(zc, sizeof(zfs_cmd_t)); 6315 6316 if (newioc) { 6317 zc_iocparm = (void *)arg; 6318 6319 switch (zc_iocparm->zfs_ioctl_version) { 6320 case ZFS_IOCVER_CURRENT: 6321 if (zc_iocparm->zfs_cmd_size != sizeof(zfs_cmd_t)) { 6322 error = SET_ERROR(EINVAL); 6323 goto out; 6324 } 6325 break; 6326 case ZFS_IOCVER_INLANES: 6327 if (zc_iocparm->zfs_cmd_size != sizeof(zfs_cmd_inlanes_t)) { 6328 error = SET_ERROR(EFAULT); 6329 goto out; 6330 } 6331 compat = B_TRUE; 6332 cflag = ZFS_CMD_COMPAT_INLANES; 6333 break; 6334 case ZFS_IOCVER_RESUME: 6335 if (zc_iocparm->zfs_cmd_size != sizeof(zfs_cmd_resume_t)) { 6336 error = SET_ERROR(EFAULT); 6337 goto out; 6338 } 6339 compat = B_TRUE; 6340 cflag = ZFS_CMD_COMPAT_RESUME; 6341 break; 6342 case ZFS_IOCVER_EDBP: 6343 if (zc_iocparm->zfs_cmd_size != sizeof(zfs_cmd_edbp_t)) { 6344 error = SET_ERROR(EFAULT); 6345 goto out; 6346 } 6347 compat = B_TRUE; 6348 cflag = ZFS_CMD_COMPAT_EDBP; 6349 break; 6350 case ZFS_IOCVER_ZCMD: 6351 if (zc_iocparm->zfs_cmd_size > sizeof(zfs_cmd_t) || 6352 zc_iocparm->zfs_cmd_size < sizeof(zfs_cmd_zcmd_t)) { 6353 error = SET_ERROR(EFAULT); 6354 goto out; 6355 } 6356 compat = B_TRUE; 6357 cflag = ZFS_CMD_COMPAT_ZCMD; 6358 break; 6359 default: 6360 error = SET_ERROR(EINVAL); 6361 goto out; 6362 /* NOTREACHED */ 6363 } 6364 6365 if (compat) { 6366 ASSERT(sizeof(zfs_cmd_t) >= zc_iocparm->zfs_cmd_size); 6367 compat_zc = kmem_zalloc(sizeof(zfs_cmd_t), KM_SLEEP); 6368 bzero(compat_zc, sizeof(zfs_cmd_t)); 6369 6370 error = ddi_copyin((void *)(uintptr_t)zc_iocparm->zfs_cmd, 6371 compat_zc, zc_iocparm->zfs_cmd_size, flag); 6372 if (error != 0) { 6373 error = SET_ERROR(EFAULT); 6374 goto out; 6375 } 6376 } else { 6377 error = ddi_copyin((void *)(uintptr_t)zc_iocparm->zfs_cmd, 6378 zc, zc_iocparm->zfs_cmd_size, flag); 6379 if (error != 0) { 6380 error = SET_ERROR(EFAULT); 6381 goto out; 6382 } 6383 } 6384 } 6385 6386 if (compat) { 6387 if (newioc) { 6388 ASSERT(compat_zc != NULL); 6389 zfs_cmd_compat_get(zc, compat_zc, cflag); 6390 } else { 6391 ASSERT(compat_zc == NULL); 6392 zfs_cmd_compat_get(zc, arg, cflag); 6393 } 6394 oldvecnum = vecnum; 6395 error = zfs_ioctl_compat_pre(zc, &vecnum, cflag); 6396 if (error != 0) 6397 goto out; 6398 if (oldvecnum != vecnum) 6399 vec = &zfs_ioc_vec[vecnum]; 6400 } 6401#endif /* !illumos */ 6402 6403 zc->zc_iflags = flag & FKIOCTL; 6404 if (zc->zc_nvlist_src_size != 0) { 6405 error = get_nvlist(zc->zc_nvlist_src, zc->zc_nvlist_src_size, 6406 zc->zc_iflags, &innvl); 6407 if (error != 0) 6408 goto out; 6409 } 6410 6411 /* rewrite innvl for backwards compatibility */ 6412 if (compat) 6413 innvl = zfs_ioctl_compat_innvl(zc, innvl, vecnum, cflag); 6414 6415 /* 6416 * Ensure that all pool/dataset names are valid before we pass down to 6417 * the lower layers. 6418 */ 6419 zc->zc_name[sizeof (zc->zc_name) - 1] = '\0'; 6420 switch (vec->zvec_namecheck) { 6421 case POOL_NAME: 6422 if (pool_namecheck(zc->zc_name, NULL, NULL) != 0) 6423 error = SET_ERROR(EINVAL); 6424 else 6425 error = pool_status_check(zc->zc_name, 6426 vec->zvec_namecheck, vec->zvec_pool_check); 6427 break; 6428 6429 case DATASET_NAME: 6430 if (dataset_namecheck(zc->zc_name, NULL, NULL) != 0) 6431 error = SET_ERROR(EINVAL); 6432 else 6433 error = pool_status_check(zc->zc_name, 6434 vec->zvec_namecheck, vec->zvec_pool_check); 6435 break; 6436 6437 case NO_NAME: 6438 break; 6439 } 6440 6441 if (error == 0) 6442 error = vec->zvec_secpolicy(zc, innvl, cr); 6443 6444 if (error != 0) 6445 goto out; 6446 6447 /* legacy ioctls can modify zc_name */ 6448 len = strcspn(zc->zc_name, "/@#") + 1; 6449 saved_poolname = kmem_alloc(len, KM_SLEEP); 6450 (void) strlcpy(saved_poolname, zc->zc_name, len); 6451 6452 if (vec->zvec_func != NULL) { 6453 nvlist_t *outnvl; 6454 int puterror = 0; 6455 spa_t *spa; 6456 nvlist_t *lognv = NULL; 6457 6458 ASSERT(vec->zvec_legacy_func == NULL); 6459 6460 /* 6461 * Add the innvl to the lognv before calling the func, 6462 * in case the func changes the innvl. 6463 */ 6464 if (vec->zvec_allow_log) { 6465 lognv = fnvlist_alloc(); 6466 fnvlist_add_string(lognv, ZPOOL_HIST_IOCTL, 6467 vec->zvec_name); 6468 if (!nvlist_empty(innvl)) { 6469 fnvlist_add_nvlist(lognv, ZPOOL_HIST_INPUT_NVL, 6470 innvl); 6471 } 6472 } 6473 6474 outnvl = fnvlist_alloc(); 6475 error = vec->zvec_func(zc->zc_name, innvl, outnvl); 6476 6477 if (error == 0 && vec->zvec_allow_log && 6478 spa_open(zc->zc_name, &spa, FTAG) == 0) { 6479 if (!nvlist_empty(outnvl)) { 6480 fnvlist_add_nvlist(lognv, ZPOOL_HIST_OUTPUT_NVL, 6481 outnvl); 6482 } 6483 (void) spa_history_log_nvl(spa, lognv); 6484 spa_close(spa, FTAG); 6485 } 6486 fnvlist_free(lognv); 6487 6488 /* rewrite outnvl for backwards compatibility */ 6489 if (compat) 6490 outnvl = zfs_ioctl_compat_outnvl(zc, outnvl, vecnum, 6491 cflag); 6492 6493 if (!nvlist_empty(outnvl) || zc->zc_nvlist_dst_size != 0) { 6494 int smusherror = 0; 6495 if (vec->zvec_smush_outnvlist) { 6496 smusherror = nvlist_smush(outnvl, 6497 zc->zc_nvlist_dst_size); 6498 } 6499 if (smusherror == 0) 6500 puterror = put_nvlist(zc, outnvl); 6501 } 6502 6503 if (puterror != 0) 6504 error = puterror; 6505 6506 nvlist_free(outnvl); 6507 } else { 6508 error = vec->zvec_legacy_func(zc); 6509 } 6510 6511out: 6512 nvlist_free(innvl); 6513 6514#ifdef illumos 6515 rc = ddi_copyout(zc, (void *)arg, sizeof (zfs_cmd_t), flag); 6516 if (error == 0 && rc != 0) 6517 error = SET_ERROR(EFAULT); 6518#else 6519 if (compat) { 6520 zfs_ioctl_compat_post(zc, cmd, cflag); 6521 if (newioc) { 6522 ASSERT(compat_zc != NULL); 6523 ASSERT(sizeof(zfs_cmd_t) >= zc_iocparm->zfs_cmd_size); 6524 6525 zfs_cmd_compat_put(zc, compat_zc, vecnum, cflag); 6526 rc = ddi_copyout(compat_zc, 6527 (void *)(uintptr_t)zc_iocparm->zfs_cmd, 6528 zc_iocparm->zfs_cmd_size, flag); 6529 if (error == 0 && rc != 0) 6530 error = SET_ERROR(EFAULT); 6531 kmem_free(compat_zc, sizeof (zfs_cmd_t)); 6532 } else { 6533 zfs_cmd_compat_put(zc, arg, vecnum, cflag); 6534 } 6535 } else { 6536 ASSERT(newioc); 6537 6538 rc = ddi_copyout(zc, (void *)(uintptr_t)zc_iocparm->zfs_cmd, 6539 sizeof (zfs_cmd_t), flag); 6540 if (error == 0 && rc != 0) 6541 error = SET_ERROR(EFAULT); 6542 } 6543#endif 6544 if (error == 0 && vec->zvec_allow_log) { 6545 char *s = tsd_get(zfs_allow_log_key); 6546 if (s != NULL) 6547 strfree(s); 6548 (void) tsd_set(zfs_allow_log_key, saved_poolname); 6549 } else { 6550 if (saved_poolname != NULL) 6551 strfree(saved_poolname); 6552 } 6553 6554 kmem_free(zc, sizeof (zfs_cmd_t)); 6555 return (error); 6556} 6557 6558#ifdef illumos 6559static int 6560zfs_attach(dev_info_t *dip, ddi_attach_cmd_t cmd) 6561{ 6562 if (cmd != DDI_ATTACH) 6563 return (DDI_FAILURE); 6564 6565 if (ddi_create_minor_node(dip, "zfs", S_IFCHR, 0, 6566 DDI_PSEUDO, 0) == DDI_FAILURE) 6567 return (DDI_FAILURE); 6568 6569 zfs_dip = dip; 6570 6571 ddi_report_dev(dip); 6572 6573 return (DDI_SUCCESS); 6574} 6575 6576static int 6577zfs_detach(dev_info_t *dip, ddi_detach_cmd_t cmd) 6578{ 6579 if (spa_busy() || zfs_busy() || zvol_busy()) 6580 return (DDI_FAILURE); 6581 6582 if (cmd != DDI_DETACH) 6583 return (DDI_FAILURE); 6584 6585 zfs_dip = NULL; 6586 6587 ddi_prop_remove_all(dip); 6588 ddi_remove_minor_node(dip, NULL); 6589 6590 return (DDI_SUCCESS); 6591} 6592 6593/*ARGSUSED*/ 6594static int 6595zfs_info(dev_info_t *dip, ddi_info_cmd_t infocmd, void *arg, void **result) 6596{ 6597 switch (infocmd) { 6598 case DDI_INFO_DEVT2DEVINFO: 6599 *result = zfs_dip; 6600 return (DDI_SUCCESS); 6601 6602 case DDI_INFO_DEVT2INSTANCE: 6603 *result = (void *)0; 6604 return (DDI_SUCCESS); 6605 } 6606 6607 return (DDI_FAILURE); 6608} 6609#endif /* illumos */ 6610 6611/* 6612 * OK, so this is a little weird. 6613 * 6614 * /dev/zfs is the control node, i.e. minor 0. 6615 * /dev/zvol/[r]dsk/pool/dataset are the zvols, minor > 0. 6616 * 6617 * /dev/zfs has basically nothing to do except serve up ioctls, 6618 * so most of the standard driver entry points are in zvol.c. 6619 */ 6620#ifdef illumos 6621static struct cb_ops zfs_cb_ops = { 6622 zfsdev_open, /* open */ 6623 zfsdev_close, /* close */ 6624 zvol_strategy, /* strategy */ 6625 nodev, /* print */ 6626 zvol_dump, /* dump */ 6627 zvol_read, /* read */ 6628 zvol_write, /* write */ 6629 zfsdev_ioctl, /* ioctl */ 6630 nodev, /* devmap */ 6631 nodev, /* mmap */ 6632 nodev, /* segmap */ 6633 nochpoll, /* poll */ 6634 ddi_prop_op, /* prop_op */ 6635 NULL, /* streamtab */ 6636 D_NEW | D_MP | D_64BIT, /* Driver compatibility flag */ 6637 CB_REV, /* version */ 6638 nodev, /* async read */ 6639 nodev, /* async write */ 6640}; 6641 6642static struct dev_ops zfs_dev_ops = { 6643 DEVO_REV, /* version */ 6644 0, /* refcnt */ 6645 zfs_info, /* info */ 6646 nulldev, /* identify */ 6647 nulldev, /* probe */ 6648 zfs_attach, /* attach */ 6649 zfs_detach, /* detach */ 6650 nodev, /* reset */ 6651 &zfs_cb_ops, /* driver operations */ 6652 NULL, /* no bus operations */ 6653 NULL, /* power */ 6654 ddi_quiesce_not_needed, /* quiesce */ 6655}; 6656 6657static struct modldrv zfs_modldrv = { 6658 &mod_driverops, 6659 "ZFS storage pool", 6660 &zfs_dev_ops 6661}; 6662 6663static struct modlinkage modlinkage = { 6664 MODREV_1, 6665 (void *)&zfs_modlfs, 6666 (void *)&zfs_modldrv, 6667 NULL 6668}; 6669#endif /* illumos */ 6670 6671static struct cdevsw zfs_cdevsw = { 6672 .d_version = D_VERSION, 6673 .d_open = zfsdev_open, 6674 .d_ioctl = zfsdev_ioctl, 6675 .d_name = ZFS_DEV_NAME 6676}; 6677 6678static void 6679zfs_allow_log_destroy(void *arg) 6680{ 6681 char *poolname = arg; 6682 strfree(poolname); 6683} 6684 6685static void 6686zfsdev_init(void) 6687{ 6688 zfsdev = make_dev(&zfs_cdevsw, 0x0, UID_ROOT, GID_OPERATOR, 0666, 6689 ZFS_DEV_NAME); 6690} 6691 6692static void 6693zfsdev_fini(void) 6694{ 6695 if (zfsdev != NULL) 6696 destroy_dev(zfsdev); 6697} 6698 6699static struct root_hold_token *zfs_root_token; 6700struct proc *zfsproc; 6701 6702#ifdef illumos 6703int 6704_init(void) 6705{ 6706 int error; 6707 6708 spa_init(FREAD | FWRITE); 6709 zfs_init(); 6710 zvol_init(); 6711 zfs_ioctl_init(); 6712 6713 if ((error = mod_install(&modlinkage)) != 0) { 6714 zvol_fini(); 6715 zfs_fini(); 6716 spa_fini(); 6717 return (error); 6718 } 6719 6720 tsd_create(&zfs_fsyncer_key, NULL); 6721 tsd_create(&rrw_tsd_key, rrw_tsd_destroy); 6722 tsd_create(&zfs_allow_log_key, zfs_allow_log_destroy); 6723 6724 error = ldi_ident_from_mod(&modlinkage, &zfs_li); 6725 ASSERT(error == 0); 6726 mutex_init(&zfs_share_lock, NULL, MUTEX_DEFAULT, NULL); 6727 6728 return (0); 6729} 6730 6731int 6732_fini(void) 6733{ 6734 int error; 6735 6736 if (spa_busy() || zfs_busy() || zvol_busy() || zio_injection_enabled) 6737 return (SET_ERROR(EBUSY)); 6738 6739 if ((error = mod_remove(&modlinkage)) != 0) 6740 return (error); 6741 6742 zvol_fini(); 6743 zfs_fini(); 6744 spa_fini(); 6745 if (zfs_nfsshare_inited) 6746 (void) ddi_modclose(nfs_mod); 6747 if (zfs_smbshare_inited) 6748 (void) ddi_modclose(smbsrv_mod); 6749 if (zfs_nfsshare_inited || zfs_smbshare_inited) 6750 (void) ddi_modclose(sharefs_mod); 6751 6752 tsd_destroy(&zfs_fsyncer_key); 6753 ldi_ident_release(zfs_li); 6754 zfs_li = NULL; 6755 mutex_destroy(&zfs_share_lock); 6756 6757 return (error); 6758} 6759 6760int 6761_info(struct modinfo *modinfop) 6762{ 6763 return (mod_info(&modlinkage, modinfop)); 6764} 6765#endif /* illumos */ 6766 6767static int zfs__init(void); 6768static int zfs__fini(void); 6769static void zfs_shutdown(void *, int); 6770 6771static eventhandler_tag zfs_shutdown_event_tag; 6772 6773#ifdef __FreeBSD__ 6774#define ZFS_MIN_KSTACK_PAGES 4 6775#endif 6776 6777int 6778zfs__init(void) 6779{ 6780 6781#ifdef __FreeBSD__ 6782#if KSTACK_PAGES < ZFS_MIN_KSTACK_PAGES 6783 printf("ZFS NOTICE: KSTACK_PAGES is %d which could result in stack " 6784 "overflow panic!\nPlease consider adding " 6785 "'options KSTACK_PAGES=%d' to your kernel config\n", KSTACK_PAGES, 6786 ZFS_MIN_KSTACK_PAGES); 6787#endif 6788#endif 6789 zfs_root_token = root_mount_hold("ZFS"); 6790 6791 mutex_init(&zfs_share_lock, NULL, MUTEX_DEFAULT, NULL); 6792 6793 spa_init(FREAD | FWRITE); 6794 zfs_init(); 6795 zvol_init(); 6796 zfs_ioctl_init(); 6797 6798 tsd_create(&zfs_fsyncer_key, NULL); 6799 tsd_create(&rrw_tsd_key, rrw_tsd_destroy); 6800 tsd_create(&zfs_allow_log_key, zfs_allow_log_destroy); 6801 tsd_create(&zfs_geom_probe_vdev_key, NULL); 6802 6803 printf("ZFS storage pool version: features support (" SPA_VERSION_STRING ")\n"); 6804 root_mount_rel(zfs_root_token); 6805 6806 zfsdev_init(); 6807 6808 return (0); 6809} 6810 6811int 6812zfs__fini(void) 6813{ 6814 if (spa_busy() || zfs_busy() || zvol_busy() || 6815 zio_injection_enabled) { 6816 return (EBUSY); 6817 } 6818 6819 zfsdev_fini(); 6820 zvol_fini(); 6821 zfs_fini(); 6822 spa_fini(); 6823 6824 tsd_destroy(&zfs_fsyncer_key); 6825 tsd_destroy(&rrw_tsd_key); 6826 tsd_destroy(&zfs_allow_log_key); 6827 6828 mutex_destroy(&zfs_share_lock); 6829 6830 return (0); 6831} 6832 6833static void 6834zfs_shutdown(void *arg __unused, int howto __unused) 6835{ 6836 6837 /* 6838 * ZFS fini routines can not properly work in a panic-ed system. 6839 */ 6840 if (panicstr == NULL) 6841 (void)zfs__fini(); 6842} 6843 6844 6845static int 6846zfs_modevent(module_t mod, int type, void *unused __unused) 6847{ 6848 int err; 6849 6850 switch (type) { 6851 case MOD_LOAD: 6852 err = zfs__init(); 6853 if (err == 0) 6854 zfs_shutdown_event_tag = EVENTHANDLER_REGISTER( 6855 shutdown_post_sync, zfs_shutdown, NULL, 6856 SHUTDOWN_PRI_FIRST); 6857 return (err); 6858 case MOD_UNLOAD: 6859 err = zfs__fini(); 6860 if (err == 0 && zfs_shutdown_event_tag != NULL) 6861 EVENTHANDLER_DEREGISTER(shutdown_post_sync, 6862 zfs_shutdown_event_tag); 6863 return (err); 6864 case MOD_SHUTDOWN: 6865 return (0); 6866 default: 6867 break; 6868 } 6869 return (EOPNOTSUPP); 6870} 6871 6872static moduledata_t zfs_mod = { 6873 "zfsctrl", 6874 zfs_modevent, 6875 0 6876}; 6877DECLARE_MODULE(zfsctrl, zfs_mod, SI_SUB_VFS, SI_ORDER_ANY); 6878MODULE_VERSION(zfsctrl, 1); 6879MODULE_DEPEND(zfsctrl, opensolaris, 1, 1, 1); 6880MODULE_DEPEND(zfsctrl, krpc, 1, 1, 1); 6881MODULE_DEPEND(zfsctrl, acl_nfs4, 1, 1, 1); 6882